Lucene search
+L

45 matches found

Cvelist
Cvelist
added 2022/02/03 1:20 a.m.24 views

CVE-2021-41840

An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere...

8.5AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2022/02/03 1:20 a.m.87 views

CVE-2021-41840

CVE-2021-41840 affects InsydeH2O-based firmware, specifically the NvmExpressDxe driver in kernel 5.0–5.5. A System Management Mode (SMM) callout flaw allows an attacker to access SMM and execute arbitrary code due to untrusted control-sphere handling. The vulnerability can enable local privilege ...

8.2CVSS8.2AI score0.00301EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2021/06/16 4:15 p.m.37 views

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

7.2CVSS0.00317EPSS
Exploits0References4
OSV
OSV
added 2021/06/16 4:15 p.m.7 views

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

6.7CVSS6.6AI score0.00317EPSS
Exploits0References4
Prion
Prion
added 2021/06/16 4:15 p.m.29 views

Code injection

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...

7.2CVSS6.9AI score0.00317EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder