GCVE - cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:insyde:insydeh2o:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Insyde (`9c0ef15d-4d71-5574-a128-355141b768e0`)
Product	Insydeh2O (`f5651e23-4034-5e37-b2df-c804ff3aa00c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/mikebdp2/insydeh20-advanced-settings-tools`	purl2cpe	2026-06-01 10:15:09.520808

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-46897`	vulnerable	2026-06-03 14:48:26.782773	Details available An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The CapsuleIFWUSmm driver does not check the return value from a method or function. This can prevent it from detecting unexpected states and conditions. Published: 2024-04-22T00:00:00.000Z Updated: 2024-08-03T14:47:27.738Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-33626`	vulnerable	2026-06-03 14:44:43.718882	Details available A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. Published: 2021-10-01T02:21:29.000Z Updated: 2025-11-04T19:12:30.965Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2021001 https://security.netapp.com/advisory/ntap-20220216-0006/ https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27339`	vulnerable	2026-06-03 14:42:18.014735	Details available In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). Published: 2021-06-16T15:49:34.000Z Updated: 2025-11-04T19:12:22.115Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge/SA-2021001 https://security.netapp.com/advisory/ntap-20220216-0005/ https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.