GCVE - cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*

part: a version: 5.2 update: *

Vendor	Insyde (`9c0ef15d-4d71-5574-a128-355141b768e0`)
Product	Insydeh2O (`f5651e23-4034-5e37-b2df-c804ff3aa00c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-27353`	vulnerable	2026-06-03 14:55:17.432192	Details available A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. Published: 2024-05-15T14:18:19.870Z Updated: 2025-02-13T15:47:20.736Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2024001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25079`	vulnerable	2026-06-03 14:55:06.359576	Details available A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM. Published: 2024-05-15T14:23:26.249Z Updated: 2025-02-13T15:47:10.262Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2024001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25078`	vulnerable	2026-06-03 14:55:06.355609	Details available A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM. Published: 2024-05-15T14:11:01.648Z Updated: 2025-02-13T15:47:09.709Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2024001	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-31041`	vulnerable	2026-06-03 14:51:54.456559	Details available An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. Published: 2023-08-14T00:00:00.000Z Updated: 2024-10-09T16:15:50.426Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge/SA-2023047	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-30633`	vulnerable	2026-06-03 14:51:52.911315	Details available An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. This requires physical access to a target victim's device, or compromise of user credentials for a device. This issue is similar to CVE-2021-42299 (on Surface Pro devices). Published: 2023-10-19T00:00:00.000Z Updated: 2024-09-12T20:21:56.569Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023045	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-27471`	vulnerable	2026-06-03 14:51:01.980149	Details available An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. Published: 2023-08-18T00:00:00.000Z Updated: 2024-10-07T19:45:21.227Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge/SA-2023036	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-27373`	vulnerable	2026-06-03 14:51:01.060920	Details available An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. Published: 2023-08-07T00:00:00.000Z Updated: 2025-03-07T19:25:36.184Z Open on db.gcve.eu Reference links https://www.insyde.com/security-pledge/SA-2023035	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.