Lucene search
K

72 matches found

Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-30772

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrit...

7.9AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.23 views

CVE-2022-30283

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB...

8.1AI score0.00135EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.57 views

CVE-2022-30771

CVE-2022-30771 affects InsydeH2O BIOS (5.1–5.5) via an initialization function in PnpSmm that may cause SMRAM corruption when using subsequent PNP SMI functions. Root cause: initialization path in PnpSmm. Impact: potential SMRAM corruption with high confidentiality, integrity, and availability im...

8.2CVSS8.2AI score0.00193EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.33 views

CVE-2022-30771

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...

8.5AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.77 views

CVE-2022-30772

Summary: CVE-2022-30772 describes a memory corruption vulnerability in InsydeH2O BIOS/SMM related to the PnpSmm function 0x52. The input address and size passed to the SMBIOS write operation can be manipulated, enabling a malware attacker with local access to potentially overwrite SMRAM or OS ker...

8.2CVSS7.6AI score0.00193EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/14 11:15 p.m.39 views

CVE-2022-34325

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...

7.8CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/14 11:15 p.m.25 views

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

6.4CVSS0.00151EPSS
Exploits0References3
Prion
Prion
added 2022/11/14 11:15 p.m.19 views

Hardcoded credentials

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...

3.4CVSS6.5AI score0.00151EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/11/14 10:15 p.m.26 views

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

6.4CVSS0.00174EPSS
Exploits0References2
OSV
OSV
added 2022/11/14 10:15 p.m.4 views

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

6.4CVSS6AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.24 views

CVE-2022-33906

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause...

6.7AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2022/11/14 12:0 a.m.70 views

CVE-2022-34325

CVE-2022-34325 affects InsydeH2O StorageSecurityCommandDxe in UEFI BIOS/firmware. The issue is a TOCTOU race condition where DMA transactions targeting input buffers used by the StorageSecurityCommandDxe SMI handler can lead to SMRAM corruption. Affected component appears to be the StorageSecurit...

7.8CVSS7.7AI score0.00132EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.3 views

CVE-2022-33907

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...

6.5AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.6 views

CVE-2022-33905

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...

7.2AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.40 views

CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack. DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been...

6.5AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.27 views

CVE-2022-30774

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

6.7AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.5 views

CVE-2022-33909

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

7AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.31 views

CVE-2022-33908

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...

7.1AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.28 views

CVE-2022-32267

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption a TOCTOU attack DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM...

6.7AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.29 views

CVE-2022-33983

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...

7.1AI score0.00158EPSS
Exploits0References2
Rows per page
Query Builder