CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2022/11/14 12:0 a.m.•66 views

CVE-2022-34325

CVE-2022-34325 affects InsydeH2O StorageSecurityCommandDxe in UEFI BIOS/firmware. The issue is a TOCTOU race condition where DMA transactions targeting input buffers used by the StorageSecurityCommandDxe SMI handler can lead to SMRAM corruption. Affected component appears to be the StorageSecurit...

7.8CVSS7.7AI score0.00038EPSS

Vulnrichment•added 2022/11/14 12:0 a.m.•6 views

CVE-2022-33985

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM...

7.2AI score0.00038EPSS

Cvelist•added 2022/11/14 12:0 a.m.•16 views

CVE-2022-33905

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through...

7.1AI score0.00038EPSS

Cvelist•added 2022/11/14 12:0 a.m.•14 views

CVE-2022-33984

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corrupti...

7.1AI score0.0005EPSS

Vulnrichment•added 2022/11/14 12:0 a.m.•4 views

CVE-2022-31243

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handl...

6.6AI score0.00051EPSS

Cvelist•added 2022/11/14 12:0 a.m.•23 views

CVE-2022-31243

6.8AI score0.00051EPSS

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-21900 · Insyde · Sdhostdriver

Name of the Vulnerable Software and Affected Versions: SdHostDriver driver versions prior to kernel 5.2: 05.27.25 SdHostDriver driver versions prior to kernel 5.3: 05.36.25 SdHostDriver driver versions prior to kernel 5.4: 05.44.25 SdHostDriver driver versions prior to kernel 5.5: 05.52.25...

7CVSS6.7AI score0.00038EPSS

CVE•added 2022/11/14 12:0 a.m.•65 views

CVE-2022-33905

CVE-2022-33905 describes a TOCTOU vulnerability in the AhciBusDxe driver’s SMI input buffers, where DMA targeting those buffers could cause SMRAM corruption. The issue, attributed to Insyde engineering with Intel’s iSTARE context, is fixed in Linux kernels: 5.2 (05.27.23), 5.3 (05.36.23), 5.4 (05...

7CVSS6.9AI score0.00038EPSS

Cvelist•added 2022/11/14 12:0 a.m.•17 views

CVE-2022-33908

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...

7.1AI score0.00038EPSS

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-21947 · Insyde · Nvmexpressdxe

Name of the Vulnerable Software and Affected Versions: NvmExpressDxe driver versions prior to kernel 5.2: 05.27.25 NvmExpressDxe driver versions prior to kernel 5.3: 05.36.25 NvmExpressDxe driver versions prior to kernel 5.4: 05.44.25 NvmExpressDxe driver versions prior to kernel 5.5: 05.52.25...

7CVSS6.9AI score0.00038EPSS

Exploits0References5

Vulnrichment•added 2022/11/14 12:0 a.m.•4 views

CVE-2022-33905

7.2AI score0.00038EPSS

Cvelist•added 2022/11/14 12:0 a.m.•13 views

CVE-2022-33909

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

7.1AI score0.00038EPSS

CVE•added 2022/11/14 12:0 a.m.•65 views

CVE-2022-33908

CVE-2022-33908 affects the SdHostDriver SMI handler: DMA targeted at input buffers can cause SMRAM corruption via a TOCTOU race condition. The issue is caused by TOCTOU in DMA handling of the SdHostDriver software SMI input buffers. Affected software/hardware is described in the Siemens/Insyde ma...

7CVSS6.8AI score0.00038EPSS

CVE•added 2022/11/14 12:0 a.m.•78 views

CVE-2022-31243

CVE-2022-31243 describes a TOCTOU race condition affecting the FvbServicesRuntimeDxe driver, where DMA transactions targeting input buffers used by the software SMI handler could cause SMRAM corruption. The issue is part of a broader family of TOCTOU vulnerabilities (multiple CVEs) related to Ins...

6.4CVSS6.5AI score0.00051EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2022/11/14 12:0 a.m.•3 views

CVE-2022-33909

7AI score0.00038EPSS

Cvelist•added 2022/11/14 12:0 a.m.•18 views

CVE-2022-33982

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU...

6.6AI score0.00051EPSS

Vulnrichment•added 2022/11/14 12:0 a.m.•6 views

CVE-2022-33982

7.2AI score0.00051EPSS

Positive Technologies•added 2022/11/14 12:0 a.m.•2 views

PT-2022-21944 · Insyde · Int15Servicesmm

Name of the Vulnerable Software and Affected Versions: Int15ServiceSmm software SMI handler versions prior to Kernel 5.2: 05.27.23 Int15ServiceSmm software SMI handler versions prior to Kernel 5.3: 05.36.23 Int15ServiceSmm software SMI handler versions prior to Kernel 5.4: 05.44.23 Int15ServiceSm...

6.4CVSS6.4AI score0.00051EPSS

Exploits0References6

Vulnrichment•added 2022/11/14 12:0 a.m.•8 views

CVE-2022-33984

7.2AI score0.0005EPSS