Lucene search
+L

132 matches found

cve
cve
added 2022/02/03 1:59 a.m.85 views

CVE-2022-24031

CVE-2022-24031 affects InsydeH2O’s NvmExpressDxe driver across kernel 5.1–5.5, enabling an SMM memory corruption that could allow an attacker to write fixed or predictable data to SMRAM and escalate to SMM privileges. The related Nessus/Tenable entry, CERT/CC advisories, and vendor communications...

8.2CVSS8.1AI score0.00279EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/02/03 1:50 a.m.89 views

CVE-2021-43323

CVE-2021-43323 affects InsydeH2O UsbCoreDxe in multiple InsydeH2O kernel revisions. Root cause: an SMM callout vulnerability allows hijacking execution flow inside System Management Mode, potentially escalating privileges to SMM. Affected: Insyde InsydeH2O with kernels 5.5 before 05.51.45, 5.4 be...

8.2CVSS8AI score0.00351EPSS
Exploits0References4Affected Software1
cve
cve
added 2022/02/03 1:37 a.m.89 views

CVE-2021-41839

CVE-2021-41839 affects the InsydeH2O/ NvmExpressDxe driver in kernel versions 5.0–5.5. The root cause is an Untrusted Pointer Dereference that can corrupt SMM memory (SMRAM), enabling a local attacker to escalate privileges to System Management Mode. Public records describe the issue as a SMM mem...

8.2CVSS7.9AI score0.00274EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/02/03 1:20 a.m.86 views

CVE-2021-41840

CVE-2021-41840 affects InsydeH2O-based firmware, specifically the NvmExpressDxe driver in kernel 5.0–5.5. A System Management Mode (SMM) callout flaw allows an attacker to access SMM and execute arbitrary code due to untrusted control-sphere handling. The vulnerability can enable local privilege ...

8.2CVSS8.2AI score0.00301EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/02/03 1:16 a.m.103 views

CVE-2022-24030

CVE-2022-24030 affects InsydeH2O’s AhciBusDxe driver. The issue is an SMM memory corruption vulnerability in kernel 5.1–5.5 that allows writing fixed or predictable data to SMRAM, enabling privilege escalation to System Management Mode. Affected kernel/workload context is local with no user inter...

7.5CVSS7.6AI score0.00302EPSS
Exploits0References5Affected Software1
cve
cve
added 2022/02/03 1:4 a.m.81 views

CVE-2021-41841

CVE-2021-41841 affects the InsydeH2O AhciBusDxe driver. Affected kernel range is InsydeH2O 5.x. The issue is a SMM callout that can let a local attacker access System Management Mode and execute arbitrary code. Remediation per vendor/plugin details: fixed in InsydeH2O kernel releases, e.g., Kerne...

8.2CVSS8.2AI score0.00301EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2022/02/03 1:4 a.m.24 views

CVE-2021-41841

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere...

8.5AI score0.00301EPSS
Exploits0References4
nvd
nvd
added 2022/01/06 12:15 a.m.24 views

CVE-2021-41842

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check...

9.8CVSS0.01534EPSS
Exploits0References2
osv
osv
added 2021/02/17 2:15 p.m.2 views

DEBIAN-CVE-2020-12362

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

7.8CVSS6.3AI score0.00359EPSS
Exploits0References1
osv
osv
added 2021/02/17 2:15 p.m.4 views

UBUNTU-CVE-2020-12362

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

7.8CVSS6.7AI score0.00359EPSS
Exploits0References3
cvelist
cvelist
added 2021/02/17 12:0 a.m.31 views

CVE-2020-12362

Integer overflow in the firmware for some IntelR Graphics Drivers for Windows before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable an escalation of privilege via local access...

7.7AI score0.00359EPSS
Exploits0References2
debiancve
debiancve
added 2020/07/20 6:54 p.m.43 views

CVE-2020-15852

An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tssinvalidateiobitmap mishandling causes a loss of synchronization between the I/O bitmaps ...

7.8CVSS6.1AI score0.00325EPSS
Exploits0
Rows per page
Query Builder