610 matches found
CVE-2022-30771
CVE-2022-30771 affects InsydeH2O BIOS (5.1–5.5) via an initialization function in PnpSmm that may cause SMRAM corruption when using subsequent PNP SMI functions. Root cause: initialization path in PnpSmm. Impact: potential SMRAM corruption with high confidentiality, integrity, and availability im...
CVE-2022-29278
The CVE-2022-29278 entry involves the NvmExpressDxe driver with incorrect pointer checks that can allow tampering with SMRAM and OS memory. This vulnerability is documented across multiple security trackers (e.g., Insyde InsydeH2O BIOS context) and is tied to specific fixed kernel versions: 5.1 -...
CVE-2022-30771
Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...
CVE-2022-29279
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...
CVE-2022-30283
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB...
CVE-2022-29278
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version...
PT-2022-20306 · Insyde · Kernel
Name of the Vulnerable Software and Affected Versions: Kernel 5.0 versions prior to 05.09.41 Kernel 5.1 versions prior to 05.17.43 Kernel 5.2 versions prior to 05.27.30 Kernel 5.3 versions prior to 05.36.30 Kernel 5.4 versions prior to 05.44.30 Kernel 5.5 versions prior to 05.52.30 Description:...
PT-2022-19519 · Kernel · Kernel
Name of the Vulnerable Software and Affected Versions: Kernel 5.0 versions prior to 05.09.17 Kernel 5.1 versions prior to 05.17.17 Kernel 5.2 versions prior to 05.27.17 Kernel 5.3 versions prior to 05.36.17 Kernel 5.4 versions prior to 05.44.17 Kernel 5.5 versions prior to 05.52.17 Description: T...
PT-2022-19516 · Insyde · Ahcibusdxe
Name of the Vulnerable Software and Affected Versions: AhciBusDxe versions prior to 05.09.18 AhciBusDxe versions prior to 05.17.18 AhciBusDxe versions prior to 05.27.18 AhciBusDxe versions prior to 05.36.18 AhciBusDxe versions prior to 05.44.18 AhciBusDxe versions prior to 05.52.18 Description: S...
PT-2022-19515 · Kernel · Kernel
Name of the Vulnerable Software and Affected Versions: Kernel 5.0 versions prior to 05.09.21 Kernel 5.1 versions prior to 05.17.21 Kernel 5.2 versions prior to 05.27.21 Kernel 5.3 versions prior to 05.36.21 Kernel 5.4 versions prior to 05.44.21 Kernel 5.5 versions prior to 05.52.21 Description: I...
CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...
CVE-2022-30283
The CVE-2022-30283 issue affects UsbCoreDxe where DMA-tampering of the USB working buffer during certain USB transactions can trigger a TOCTOU race, allowing potential SMRAM corruption and privilege escalation. The root cause is that the SMM code sanitizes pointers to the working buffer but may p...
CVE-2022-33982
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2022-33982
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...
CVE-2022-33907
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...
Hardcoded credentials
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...
Design/Logic Flaw
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...
Memory corruption
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2022-33906
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause...