610 matches found
PT-2023-26865 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: A memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm allows attackers to send arbitrary data to SMM, which could lead to privilege escalation. The...
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
Siemens InsydeH2O Out-of-bounds Write (CVE-2022-35895)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution. Insyde BIOS is...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32954)
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5.5. DMA attacks on the SdMmcDevice buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32470)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-33627)
An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses Insyde BIOS is...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32955)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32476)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. Insyde BIOS is typically...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32469)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Siemens InsydeH2O Insufficient Input Validation (CVE-2023-22616)
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM. Insyde BIOS is typical...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32477)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32473)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMM...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32478)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Siemens InsydeH2O Improper Input Validation (CVE-2023-27373)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32474)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
Siemens InsydeH2O Improper Input Validation (CVE-2022-35896)
An issue SMM memory leak vulnerability in SMM driver SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure. Insyde...
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-43522)
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-34325)
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...