CVE-2022-32490

Dell BIOS is affected by an improper input validation vulnerability (CVE-2022-32490). A local authenticated attacker can use an SMI to gain arbitrary code execution in SMRAM. Affected component is Dell BIOS; the root cause is input validation weaknesses enabling SMI-based exploitation with high i...

CVE-2022-34401

CVE-2022-34401 affects Dell BIOS and describes a stack-based buffer overflow in BIOS/SMM. A local authenticated attacker could trigger via System Management Interrupt (SMI) to send oversized input, potentially executing arbitrary code in SMRAM. Multiple connected sources corroborate a local requi...

CVE-2022-34401

Dell BIOS contains a stack based buffer overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM...

CVE-2022-34460

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2022-34460

Prior Dell BIOS versions contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2022-34460

CVE-2022-34460 relates to Dell BIOS prior versions containing an improper input validation vulnerability. A local authenticated attacker can potentially exploit this by using an SMI to gain arbitrary code execution in SMRAM. The problem is rooted in the BIOS, i.e., firmware on a Dell motherboard,...

CVE-2022-34393

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2022-34393

Dell BIOS on firmware used by Dell motherboards contains an improper input validation vulnerability. The reported issue allows a local, authenticated attacker to potentially gain arbitrary code execution in SMRAM by abusing System Management Interrupts (SMIs). Root cause described as input valida...

PT-2022-36068 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.8 Description: The issue is related to the number of GPRs in the SMRAM image, which depends on the image format. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

CVE-2022-29278

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version...

CVE-2022-29279

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

Null pointer dereference

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version...

Null pointer dereference

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...

Design/Logic Flaw

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

CVE-2022-30772

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrit...

CVE-2022-30283

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB...

CVE-2022-30283

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB...