Lucene search
K

132 matches found

NVD
NVD
added 2022/11/15 12:15 a.m.27 views

CVE-2022-33983

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...

7CVSS0.00158EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 12:15 a.m.32 views

CVE-2022-33984

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corrupti...

7CVSS0.00151EPSS
Exploits0References3
NVD
NVD
added 2022/11/15 12:15 a.m.31 views

CVE-2022-33909

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

7CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 12:15 a.m.23 views

CVE-2022-33986

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

6.4CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 12:15 a.m.21 views

CVE-2022-33985

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM...

7CVSS0.00132EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 12:15 a.m.23 views

CVE-2022-30774

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

6.4CVSS0.00151EPSS
Exploits0References3
Prion
Prion
added 2022/11/15 12:15 a.m.21 views

Code injection

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used a TOCTOU attack DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checke...

3.4CVSS6.6AI score0.00151EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.28 views

Memory corruption

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handl...

3.4CVSS6.6AI score0.00151EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.23 views

Design/Logic Flaw

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption...

3.4CVSS6.3AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.22 views

Information disclosure

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM...

3.5CVSS6.8AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.22 views

Design/Logic Flaw

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption a TOCTOU attack DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM...

3.4CVSS6.4AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.25 views

Hardcoded credentials

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...

3.5CVSS6.8AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.22 views

Design/Logic Flaw

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corrupti...

3.5CVSS6.8AI score0.00151EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.18 views

Design/Logic Flaw

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corrupti...

3.5CVSS6.8AI score0.00132EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/11/15 12:15 a.m.23 views

Information disclosure

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRA...

3.5CVSS6.8AI score0.00158EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.34 views

CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18...

8.5AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.33 views

CVE-2022-30771

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in:...

8.5AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.30 views

CVE-2022-29275

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: versi...

8.6AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.56 views

CVE-2022-30283

The CVE-2022-30283 issue affects UsbCoreDxe where DMA-tampering of the USB working buffer during certain USB transactions can trigger a TOCTOU race, allowing potential SMRAM corruption and privilege escalation. The root cause is that the SMM code sanitizes pointers to the working buffer but may p...

7.5CVSS7.9AI score0.00135EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/11/15 12:0 a.m.82 views

CVE-2022-29278

The CVE-2022-29278 entry involves the NvmExpressDxe driver with incorrect pointer checks that can allow tampering with SMRAM and OS memory. This vulnerability is documented across multiple security trackers (e.g., Insyde InsydeH2O BIOS context) and is tied to specific fixed kernel versions: 5.1 -...

8.2CVSS8.1AI score0.00193EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder