51 matches found

Tenable Nessus
added 2023/09/26 12:0 a.m., 18 views

Siemens InsydeH2O Out-of-bounds Write (CVE-2021-45969)

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not...

CVSS: 8.2, AI score: 7.7, EPSS: 0.00056
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 5:32 a.m., 1 view

SUSE CVE-2014-0198

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors...

CVSS: 4.3, AI score: 7, EPSS: 0.32978
Exploits: 0, References: 11

OSV
added 2023/02/15 2:15 a.m., 0 views

CVE-2022-32955

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

CVSS: 7, AI score: 6
Exploits: 0, References: 2

Microsoft CVE
added 2022/05/17 7:0 a.m., 1 view

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0.

...

CVSS: 8.2, AI score: 6.7, EPSS: 0.0003
Exploits: 1

CNVD
added 2022/05/07 12:0 a.m., 61 views

QEMU Resource Management Error Vulnerability (CNVD-2022-84160)

QEMU (Quick Emulator) is processor emulation software by Fabrice Bellard, a French individual developer. A denial of service vulnerability exists in versions prior to QEMU 7.0.0, which stems from EHCI's failure to verify whether the buffer pointer overlaps with its MMIO region when transferring...

CVSS: 8.2, AI score: 4.9, EPSS: 0.0003
Exploits: 1, References: 1

Prion
added 2022/05/02 7:15 p.m., 30 views

Design/Logic Flaw

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

CVSS: 4.6, AI score: 8, EPSS: 0.0003
Exploits: 1, References: 5, Affected Software: 2

AlpineLinux
added 2022/05/02 7:15 p.m., 40 views

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

CVSS: 8.2, AI score: 4.1, EPSS: 0.0003
Exploits: 1

Debian CVE
added 2022/05/02 6:48 p.m., 59 views

CVE-2021-3750

A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions such as reset whi...

CVSS: 8.2, AI score: 7.4, EPSS: 0.0003
Exploits: 1

OSV
added 2022/03/10 5:47 p.m., 0 views

CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read...

CVSS: 7.1, AI score: 6, EPSS: 0.00017
Exploits: 0, References: 1

NVD
added 2022/03/10 5:47 p.m., 8 views

CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read...

CVSS: 7.1, EPSS: 0.00017
Exploits: 0, References: 1

Prion
added 2022/03/10 5:47 p.m., 11 views

Design/Logic Flaw

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read...

CVSS: 3.6, AI score: 6.9, EPSS: 0.00017
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/03/08 1:47 p.m., 12 views

CVE-2022-25821

Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read...

CVSS: 3.3, AI score: 7.2, EPSS: 0.00017
Exploits: 0, References: 1

NVD
added 2022/01/06 12:15 a.m., 22 views

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not...

CVSS: 8.2, EPSS: 0.00056
Exploits: 0, References: 4

OSV
added 2022/01/05 11:15 p.m., 2 views

CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not...

CVSS: 8.2, AI score: 6
Exploits: 0, References: 4

OSV
added 2022/01/05 11:15 p.m., 0 views

CVE-2021-45970

An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficient...

CVSS: 8.2, AI score: 7.7, EPSS: 0.00084
Exploits: 0, References: 4

CVE
added 2022/01/05 11:9 p.m., 83 views

CVE-2021-45971

CVE-2021-45971 affects InsydeH2O’s SdHostDriver in the SMM path. A SWSMI handler registers without adequately validating the CommBufferData buffer, enabling potential SMM memory corruption and, per sources, possible code execution within SMM. Affected kernels: 5.1 before 05.16.25, 5.2 before 05.2...

CVSS: 8.2, AI score: 8.1, EPSS: 0.00056
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2022/01/05 11:0 p.m., 17 views

CVE-2021-45969

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not...

AI score: 8.4, EPSS: 0.00056
Exploits: 0, References: 3

OSV
added 2021/10/01 3:15 a.m., 0 views

CVE-2021-33626

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVSS: 7.8, AI score: 7.5, EPSS: 0.00078
Exploits: 0, References: 5

NVD
added 2021/10/01 3:15 a.m., 18 views

CVE-2021-33626

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVSS: 7.8, EPSS: 0.00078
Exploits: 0, References: 5

CVE
added 2021/10/01 2:21 a.m., 89 views

CVE-2021-33626

CVE-2021-33626 affects InsydeH2O’s SMM code, specifically the SmmResourceCheckDxe driver, where a SWSMI handler registers without proper validation of the CommBuffer pointer, enabling data corruption in SMRAM and potential arbitrary code execution. Connected vendor disclosures confirm this vulner...

CVSS: 7.8, AI score: 8, EPSS: 0.00078
Exploits: 0, References: 5, Affected Software: 1