610 matches found
CVE-2022-33906
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2022-33983
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...
CVE-2022-33907
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cau...
CVE-2022-33983
CVE-2022-33983 describes a TOCTOU DMA attack affecting the NvmExpressLegacy SMI handler used by the NvmExpressLegacy driver, potentially enabling SMRAM corruption. The issue is triggered by DMA transactions targeting input buffers for the software SMI handler, with the root cause tied to TOCTOU c...
CVE-2022-33984
The CVE-2022-33984 entry describes a TOCTOU DMA vulnerability affecting the SdMmcDevice SMI handler that can corrupt SMRAM. Connected sources expand to multiple TOCTOU flaws in Insyde-managed firmware (various SMI handlers such as SdHostDriver, FvbServicesRuntimeDxe, IdeBusDxe) with CVEs 2022-307...
PT-2022-21898 · Insyde · Insydeh2O Uefi Firmware
Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.23 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.23 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.23 InsydeH2O UEFI firmware kernel versions prior to 5.5:...
CVE-2022-33983
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...
CVE-2022-33982
CVE-2022-33982 concerns a DMA-based TOCTOU vulnerability in the Int15ServiceSmm software SMI handler. The parameter buffer accessed by the SMI handler is susceptible to DMA manipulation, allowing an attacker to alter values after they are checked but before use, potentially causing SMRAM corrupti...
PT-2022-21946 · Insyde · Insydeh2O Uefi Firmware
Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware kernel versions prior to 5.2: 05.27.25 InsydeH2O UEFI firmware kernel versions prior to 5.3: 05.36.25 InsydeH2O UEFI firmware kernel versions prior to 5.4: 05.44.25 InsydeH2O UEFI firmware kernel versions prior to 5.5:...
PT-2022-21897 · Insyde · Ahcibusdxe
Name of the Vulnerable Software and Affected Versions: AhciBusDxe driver versions prior to kernel 5.2: 05.27.23 AhciBusDxe driver versions prior to kernel 5.3: 05.36.23 AhciBusDxe driver versions prior to kernel 5.4: 05.44.23 AhciBusDxe driver versions prior to kernel 5.5: 05.52.23 Description: T...
PT-2022-21192 · Insyde · Insydeh2O Uefi Firmware
Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware versions prior to Kernel 5.2: 05.27.23 InsydeH2O UEFI firmware versions prior to Kernel 5.3: 05.36.23 InsydeH2O UEFI firmware versions prior to Kernel 5.4: 05.44.23 InsydeH2O UEFI firmware versions prior to Kernel 5.5:...
CVE-2022-33908
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...
PT-2022-20634 · Insyde · Fvbservicesruntimedxe
Name of the Vulnerable Software and Affected Versions: FvbServicesRuntimeDxe driver versions prior to Kernel 5.2: 05.27.21 FvbServicesRuntimeDxe driver versions prior to Kernel 5.3: 05.36.21 FvbServicesRuntimeDxe driver versions prior to Kernel 5.4: 05.44.21 FvbServicesRuntimeDxe driver versions...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2022-33906
TOCTOU vulnerability CVE-2022-33906 affects the input buffers used by the FwBlockServiceSmm software SMI handler in InsydeH2O UEFI firmware. DMA to these buffers can race with checks, potentially causing SMRAM corruption. Documented instances reference Siemens RuggedCom APE1808 platforms with Ins...
CVE-2022-32267
CVE-2022-32267 concerns DMA targeting input buffers used by the SmmResourceCheckDxe SMI handler in InsydeH2O UEFI firmware, leading to SMRAM corruption via a TOCTOU vulnerability. The issue, discovered by Insyde engineering, is mitigated by kernel updates: Kernel 5.2 (05.27.23), 5.3 (05.36.23), 5...
CVE-2022-33909
CVE-2022-33909 is a TOCTOU-related DMA vulnerability affecting the HddPassword SMI handler in InsydeH2O firmware. The issue arises from DMA transactions targeting input buffers used by the software SMI handler, potentially allowing SMRAM corruption. Public documentation confirms a fix was applied...
CVE-2022-33907
CVE-2022-33907 describes a TOCTOU vulnerability in the SMI handler input buffers of the InsydeH2O IdeBusDxe driver. DMA accesses targeting these buffers could lead to SMRAM corruption. The issue is recorded with a base CVSSv3.1 base score of 6.4 (LOCAL, HIGH complexity, HIGH privileges required) ...
CVE-2022-33906
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause...