Lucene search
K

142 matches found

Prion
Prion
added 2022/11/15 9:15 p.m.20 views

Buffer overflow

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB...

3.4CVSS8.3AI score0.00135EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-30772

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrit...

7.9AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.33 views

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

8.5AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-29275

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: versi...

8.6AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.56 views

CVE-2022-30283

The CVE-2022-30283 issue affects UsbCoreDxe where DMA-tampering of the USB working buffer during certain USB transactions can trigger a TOCTOU race, allowing potential SMRAM corruption and privilege escalation. The root cause is that the SMM code sanitizes pointers to the working buffer but may p...

7.5CVSS7.9AI score0.00135EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.70 views

CVE-2022-29276

CVE-2022-29276 affects the AhciBusDxe SMI handling, where untrusted inputs can lead to SMRAM corruption. The issue is documented across multiple sources (NVD, Red Hat, PRION/PTSecurity entries) and is tied to the AhciBusDxe component prior to specific kernel revisions. Reported root cause: SMI fu...

8.2CVSS8.2AI score0.00193EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.33 views

CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the...

6.5AI score0.00174EPSS
Exploits0References2
NVD
NVD
added 2022/09/28 4:15 p.m.26 views

CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver...

8.2CVSS0.0032EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/28 3:50 p.m.31 views

CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver...

8.5AI score0.0032EPSS
Exploits1References3
NVD
NVD
added 2022/09/23 7:15 p.m.28 views

CVE-2022-35893

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...

8.2CVSS0.00219EPSS
Exploits0References3
Prion
Prion
added 2022/09/23 7:15 p.m.21 views

Memory corruption

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...

4CVSS8.7AI score0.00219EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2022/09/23 6:15 p.m.19 views

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

8.2CVSS0.00429EPSS
Exploits1References3
CVE
CVE
added 2022/09/23 6:1 p.m.73 views

CVE-2022-35893

The CVE-2022-35893 issue affects Insyde InsydeH2O (kernel 5.0–5.5). A memory corruption fault in the FvbServicesRuntimeDxe driver permits writes to SMRAM, enabling escalation to SMM. Public details indicate the vulnerability resides in InsydeH2O and is associated with SMM memory corruption, with ...

8.2CVSS8.1AI score0.00219EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/09/23 5:17 p.m.66 views

CVE-2022-36338

CVE-2022-36338 (Siemens InsydeH2O) affects InsydeH2O BIOS/firmware (kernel 5.0–5.5). The issue is an SMM callout vulnerability in the SMM driver FwBlockServiceSmm that creates SMM and allows arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with ma...

8.2CVSS8.2AI score0.00429EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2022/09/22 6:15 p.m.31 views

CVE-2022-35894

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...

6CVSS0.00311EPSS
Exploits1References3
Prion
Prion
added 2022/09/22 6:15 p.m.15 views

Information disclosure

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...

1.4CVSS6.3AI score0.00311EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/09/22 5:7 p.m.69 views

CVE-2022-35894

CVE-2022-35894 affects Insyde InsydeH2O BIOS (kernel versions 5.0–5.5). The vulnerability stems from the SMI handler for the FwBlockServiceSmm driver using an untrusted pointer as the destination to copy data, enabling information disclosure to an attacker-controlled buffer. Public sources consis...

6CVSS5.5AI score0.00311EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/09/22 5:7 p.m.32 views

CVE-2022-35894

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...

5.8AI score0.00311EPSS
Exploits1References3
Prion
Prion
added 2022/09/22 4:15 p.m.17 views

Code injection

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFIBOOTSERVICES...

4CVSS8.3AI score0.0034EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/09/22 3:35 p.m.64 views

CVE-2022-35408

CVE-2022-35408 affects Insyde InsydeH2O BIOS (versions 5.0–5.5). A vulnerability in the UsbLegacyControlSmm SMM driver enables arbitrary code execution in SMM and privilege escalation by overwriting EFI_BOOT_SERVICES pointers before the USB SMI handler runs; this is not exploitable from OS code. ...

8.2CVSS8.4AI score0.0034EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder