CVSS: 10.0EPSS: 0%CPEs: 305EXPL: 0CVE-2023-39281
https://notcve.org/view.php?id=CVE-2023-39281
01 Nov 2023 — A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Una vulnerabilidad de desbordamiento del búfer de pila descubierta en AsfSecureBootDxe en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a los atacantes ejecutar código arbitrario durante la fase DXE. • https://www.insyde.com/security-pledge • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-22612
https://notcve.org/view.php?id=CVE-2023-22612
11 Apr 2023 — An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. • https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-22615
https://notcve.org/view.php?id=CVE-2023-22615
11 Apr 2023 — An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. • https://www.insyde.com/security-pledge • CWE-787: Out-of-bounds Write •