Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32471)

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...

PT-2023-13064 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions 5.0 through 5.5 Description: An issue was discovered in IhisiSmm where the IhisiDxe driver uses a command buffer to pass input and output data. By modifying the command buffer contents with DMA after inpu...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in IhisiSmm in Insyde InsydeH2O with kernel versions 5.0...