Insyde Security Vulnerabilities (CVEs)
Track 32 security vulnerabilities affecting Insyde products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows attackers to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level due to improper input validation in...
Jun 12, 2025
This vulnerability in InsydeH2O UEFI firmware allows attackers to bypass input validation in the VariableRuntimeDxe driver's SecureBootHandler. Attack...
May 15, 2025
This CVE describes a buffer over-read vulnerability in InsydeH2O UEFI firmware's VariableRuntimeDxe driver. Attackers could exploit this to read sensi...
May 15, 2025
This vulnerability allows attackers to perform arbitrary writes in DXE memory by manipulating NVRAM variables, potentially leading to arbitrary code e...
Apr 15, 2025
This CVE describes a memory corruption vulnerability in the HddPassword component of Insyde InsydeH2O UEFI firmware kernels. Successful exploitation c...
May 15, 2024
This vulnerability allows attackers to execute arbitrary code during the DXE phase of system boot by exploiting a stack buffer overflow in AsfSecureBo...
Nov 1, 2023
This vulnerability allows arbitrary code execution during the DXE phase of UEFI boot process in InsydeH2O firmware. Attackers can set a UEFI variable ...
Sep 18, 2023
This vulnerability in Insyde H2OFFT's iscflashx64.sys driver allows attackers to cause memory corruption or system crashes by sending a malformed IOCT...
Sep 8, 2023
This vulnerability in Insyde InsydeH2O UEFI firmware allows attackers to corrupt System Management RAM (SMRAM) due to insufficient validation of save ...
Apr 12, 2023
This vulnerability allows attackers to write to arbitrary memory addresses in System Management Mode (SMM) by providing malformed pointers to SMI hand...
Apr 11, 2023
This vulnerability allows attackers to exploit insufficient input validation in BIOS Guard updates within InsydeH2O firmware, leading to memory corrup...
Apr 11, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on a shared buffer between SMM and non-SMM code, creating a TOCTOU race condition. ...
Feb 15, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on the PnpSmm shared buffer, creating TOCTOU race conditions that can corrupt SMRAM...
Feb 15, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on the HddPassword shared buffer, creating TOCTOU race conditions that can corrupt ...
Feb 15, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on the SdHostDriver buffer, creating TOCTOU race conditions that can corrupt SMRAM ...
Feb 15, 2023
This vulnerability in InsydeH2O firmware allows attackers with local access to potentially escalate privileges or corrupt data by exploiting a time-of...
Feb 15, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on a shared buffer between SMM and non-SMM code, creating a TOCTOU race condition. ...
Feb 15, 2023
This vulnerability in Insyde InsydeH2O firmware allows DMA attacks on the NvmExpressDxe buffer, creating TOCTOU race conditions that can corrupt SMRAM...
Feb 15, 2023
CVE-2021-38578 is a buffer underflow vulnerability in Tianocore EDK II's System Management Mode (SMM) entry point that allows attackers to corrupt SMR...
Mar 3, 2022
This vulnerability allows attackers to access System Management Mode (SMM) and execute arbitrary code in Insyde InsydeH2O UEFI firmware. It affects sy...
Feb 3, 2022
This vulnerability in Insyde InsydeH2O UEFI firmware allows attackers to execute arbitrary code in System Management Mode (SMM) through an SMM callout...
Feb 3, 2022
This vulnerability allows attackers to hijack execution flow in System Management Mode (SMM) through an Int15ServiceSmm callout. Exploitation could le...
Feb 3, 2022
This vulnerability allows attackers to write predictable data to SMRAM (System Management Mode RAM) through a memory corruption flaw in InsydeH2O firm...
Feb 3, 2022
This vulnerability allows attackers to write predictable data to SMRAM (System Management Mode RAM) in Insyde InsydeH2O UEFI firmware, potentially esc...
Feb 3, 2022
This vulnerability allows an attacker to write predictable data to SMRAM (System Management Mode RAM) in Insyde InsydeH2O UEFI firmware, potentially l...
Feb 3, 2022
This vulnerability in Insyde InsydeH2O Kernel allows attackers to use invalid buffer addresses with the EFI_SMM_COMMUNICATION_PROTOCOL Communicate() f...
Feb 3, 2022
This vulnerability allows attackers to execute arbitrary code in System Management Mode (SMM) by exploiting a flaw in InsydeH2O UEFI firmware's System...
Feb 3, 2022
This vulnerability in Insyde InsydeH2O UEFI firmware allows attackers to write predictable data to SMRAM (System Management RAM) through a memory corr...
Feb 3, 2022
This vulnerability in Insyde InsydeH2O UEFI firmware allows arbitrary code execution at SMM (System Management Mode) privilege level due to missing Co...
Jan 6, 2022
This vulnerability in Insyde InsydeH2O firmware's System Management Mode (SMM) allows attackers with local access to execute arbitrary code with SMM p...
Jan 5, 2022
This vulnerability in Insyde InsydeH2O firmware's SdLegacySmm SMI handler allows attackers to execute arbitrary code with System Management Mode (SMM)...
Jan 5, 2022
This vulnerability allows attackers to corrupt SMRAM memory through insufficient validation of buffer pointers in SMM SWSMI handlers, potentially lead...
Oct 1, 2021
Why Monitor Insyde Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 32+ known vulnerabilities affecting Insyde products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Insyde packages in under 60 seconds. No agents required - completely agentless scanning that works across Insyde deployments.
Free vulnerability database: Access detailed information about every Insyde CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.