Lucene search
K

123 matches found

Cvelist
Cvelist
added 2023/02/15 12:0 a.m.33 views

CVE-2022-32473

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7.5AI score0.00132EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.14 views

CVE-2022-32954

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

7.3AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2023/02/15 12:0 a.m.70 views

CVE-2022-32474

CVE-2022-32474 affects InsydeH2O BIOS (InsydeH2O kernel 5.0–5.5). The issue is a TOCTOU race in the DMA path on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code, which can lead to SMRAM corruption and privilege escalation. The root cause involves a race between memory chec...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.79 views

CVE-2022-32954

The CVE-2022-32954 issue affects Insyde InsydeH2O BIOS (kernel 5.1–5.5). Description and connected sources confirm a TOCTOU race condition via DMA on SdMmcDevice buffer used by SMM and non-SMM code, risking SMRAM corruption and privilege escalation. Impacts are locally exploitable and context-spe...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.37 views

CVE-2022-32477

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...

7.5AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2023/02/15 12:0 a.m.76 views

CVE-2022-32478

CVE-2022-32478 concerns InsydeH2O firmware (kernel 5.0–5.5). A DMA-driven TOCTOU race in the IdeBusDxe shared buffer used by SMM and non-SMM code could lead to SMRAM corruption and privilege escalation. Documented mitigations include enabling IOMMU protection for the ACPI runtime memory that back...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.8 views

CVE-2022-32473

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7.4AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.37 views

CVE-2022-32474

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...

7.5AI score0.00132EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.7 views

CVE-2022-32470

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using...

8AI score0.00132EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/15 12:0 a.m.6 views

PT-2023-13062 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in Insyde InsydeH2O where DMA attacks on the PnpSmm shared buffer could cause TOCTOU race-condition issues, leading to corruption of SMRAM and escalation of...

7CVSS7.3AI score0.00132EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2023/02/15 12:0 a.m.11 views

CVE-2022-32476

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7.4AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 12:15 a.m.23 views

CVE-2022-33986

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

6.4CVSS0.00132EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 12:15 a.m.21 views

Code injection

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

3.4CVSS6.6AI score0.00151EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.23 views

Design/Logic Flaw

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

3.4CVSS6.3AI score0.00132EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/14 11:15 p.m.24 views

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

6.4CVSS0.00151EPSS
Exploits0References3
NVD
NVD
added 2022/11/14 10:15 p.m.26 views

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

6.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2022/11/14 10:15 p.m.24 views

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

6.4CVSS0.00132EPSS
Exploits0References2
Prion
Prion
added 2022/11/14 10:15 p.m.30 views

Code injection

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

3.4CVSS6.3AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/14 10:15 p.m.21 views

Race condition

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

3.4CVSS6.2AI score0.00174EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.8 views

CVE-2022-33986

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

7.2AI score0.00132EPSS
Exploits0References2
Rows per page
Query Builder