24 matches found
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2021-42113
StorageSecurityCommandDxe in InsydeH2O firmware (Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, Kernel 5.3 before 05.32.25) contains an SMM callout vulnerability that can hijack execution flow in System Management Mode and escalate privileges to SMM. The issue is fixed in InsydeH2O kerne...
Memory corruption
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to...