Lucene search
K

142 matches found

Prion
Prion
added 2023/02/15 2:15 a.m.26 views

Command injection

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...

3.5CVSS7.9AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.33 views

CVE-2022-32470

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using...

7.5AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2023/02/15 12:0 a.m.72 views

CVE-2022-32471

CVE-2022-32471 affects InsydeH2O IhisiSmm via the IhisiDxe driver. The command buffer is used to pass input/output data; DMA can modify the command buffer contents after input checks but before use, potentially altering SMRAM or OS and causing data corruption or privilege escalation. Affected is ...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.71 views

CVE-2022-32953

CVE-2022-32953 affects Insyde InsydeH2O BIOS (kernel 5.0–5.5). DMA-based TOCTOU on the SdHostDriver buffer in SMM and non-SMM code could corrupt SMRAM and escalate privileges. Mitigations per the sources include enabling IOMMU protection for the ACPI runtime memory used for the command buffer and...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.38 views

CVE-2022-32953

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

7.5AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.28 views

CVE-2022-32476

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

7.5AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.28 views

CVE-2022-32955

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

7.5AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.31 views

CVE-2022-32471

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM co...

7.6AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2023/02/15 12:0 a.m.76 views

CVE-2022-32478

CVE-2022-32478 concerns InsydeH2O firmware (kernel 5.0–5.5). A DMA-driven TOCTOU race in the IdeBusDxe shared buffer used by SMM and non-SMM code could lead to SMRAM corruption and privilege escalation. Documented mitigations include enabling IOMMU protection for the ACPI runtime memory that back...

7CVSS7.3AI score0.00132EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/15 12:0 a.m.37 views

CVE-2022-32474

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...

7.5AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/23 3:15 a.m.36 views

CVE-2022-36337

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code...

8.2CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2022/11/22 2:15 a.m.27 views

CVE-2022-35407

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

7.8CVSS0.0023EPSS
Exploits0References2
Prion
Prion
added 2022/11/22 2:15 a.m.18 views

Stack overflow

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

4.3CVSS7.9AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/22 12:0 a.m.27 views

CVE-2022-35407

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...

8.1AI score0.0023EPSS
Exploits0References2
Prion
Prion
added 2022/11/21 5:15 p.m.17 views

Stack overflow

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...

4.6CVSS7.2AI score0.00357EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/21 12:0 a.m.23 views

CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...

7.5AI score0.00357EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 10:15 p.m.38 views

CVE-2022-29279

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...

8.2CVSS0.00193EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 10:15 p.m.32 views

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

8.2CVSS0.00193EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 10:15 p.m.25 views

Null pointer dereference

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: versi...

4CVSS8.1AI score0.00193EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/15 9:15 p.m.35 views

CVE-2022-29275

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: versi...

8.2CVSS0.00193EPSS
Exploits0References2
Rows per page
Query Builder