Lucene search
K

4 matches found

CNNVD
CNNVD
added 2023/04/11 12:0 a.m.5 views

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the legacy BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 to 5.5, which...

8.8CVSS8AI score0.00378EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-2444 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.0 through 5.5 Description: The issue is related to insufficient input validation in BIOS Guard updates, which can lead to memory corruption in SMM. An attacker can exploit this by supplying malformed inputs to the BIOS...

8.8CVSS7.1AI score0.00378EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.4 views

PT-2023-2392 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions 5.0 through 5.5 Description: An issue was discovered in IhisiSmm that may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, coercing an IHISI subfunction...

8.4CVSS7.9AI score0.00204EPSS
Exploits0References6
OSV
OSV
added 2022/09/23 6:15 p.m.3 views

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

8.2CVSS6AI score0.00429EPSS
Exploits1References3
Rows per page
Query Builder