Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the legacy BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 to 5.5, which...

PT-2023-2392 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions 5.0 through 5.5 Description: An issue was discovered in IhisiSmm that may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, coercing an IHISI subfunction...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5. An attacker...

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

CVE-2022-35893

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...