36 matches found
CVE-2021-38578
CVE-2021-38578 affects the EDK II (edk2) firmware development environment. The vulnerability arises in existing CommBuffer checks in SmmEntryPoint, where underflow can occur when computing BufferSize. This underflow can lead to a SMM privilege escalation as described in multiple advisories refere...
CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
Tianocore Edk2 缓冲区错误漏洞
Tianocore Edk2 is a cross-platform firmware development environment from the Tianocore community that follows the UEFI and PI specifications.A buffer overflow vulnerability exists in Tianocore Edk2, which stems from an existing CommBuffer check in SmmEntryPoint that does not catch underflow when...
CVE-2020-5956
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer...
CVE-2020-5956
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer...
Input validation
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer...
CVE-2021-41842
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check...
CVE-2020-5956
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer...
CVE-2020-5956
CVE-2020-5956 affects InsydeInsydeH2O SdLegacySmm: SMI handler in the BIOS/UEFI code does not verify CommBuffer, allowing untrusted input. Affected when kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, or 5.4 before 05.42.11. Documented impact includes partial integrity and n...
CVE-2021-33626
CVE-2021-33626 affects InsydeH2O’s SMM code, specifically the SmmResourceCheckDxe driver, where a SWSMI handler registers without proper validation of the CommBuffer pointer, enabling data corruption in SMRAM and potential arbitrary code execution. Connected vendor disclosures confirm this vulner...
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...
Code injection
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...
CVE-2020-27339
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...