40 matches found
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
EUVD-2022-36942
Malicious code in bioql PyPI...
EUVD-2021-32675
Malicious code in bioql PyPI...
CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32476)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Race condition
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
Design/Logic Flaw
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...
CVE-2022-29276
CVE-2022-29276 affects the AhciBusDxe SMI handling, where untrusted inputs can lead to SMRAM corruption. The issue is documented across multiple sources (NVD, Red Hat, PRION/PTSecurity entries) and is tied to the AhciBusDxe component prior to specific kernel revisions. Reported root cause: SMI fu...
CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, China, that implements the new technology "EFI/UEFI" specification, which is designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O AhciBusDxe, which arises from the...
CVE-2022-33905
CVE-2022-33905 describes a TOCTOU vulnerability in the AhciBusDxe driver’s SMI input buffers, where DMA targeting those buffers could cause SMRAM corruption. The issue, attributed to Insyde engineering with Intel’s iSTARE context, is fixed in Linux kernels: 5.2 (05.27.23), 5.3 (05.36.23), 5.4 (05...
The vulnerability of the AhciBusDxe driver in the InsydeH2O UEFI firmware creation framework allows a hacker to escalate their privileges.
The vulnerability of the AhciBusDxe driver used by the InsydeH2O UEFI firmware creation framework lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the AhciBusDxe component in the InsydeH2O UEFI firmware creation framework allows a hacker to execute arbitrary code on the target system.
The vulnerability of the AhciBusDxe component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system...
CVE-2021-41837
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to...