54 matches found
CVE-2022-32474
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
CVE-2022-32477
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...
CVE-2022-32955
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32470
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using...
CVE-2022-32954
The CVE-2022-32954 issue affects Insyde InsydeH2O BIOS (kernel 5.1–5.5). Description and connected sources confirm a TOCTOU race condition via DMA on SdMmcDevice buffer used by SMM and non-SMM code, risking SMRAM corruption and privilege escalation. Impacts are locally exploitable and context-spe...
CVE-2022-32478
CVE-2022-32478 concerns InsydeH2O firmware (kernel 5.0–5.5). A DMA-driven TOCTOU race in the IdeBusDxe shared buffer used by SMM and non-SMM code could lead to SMRAM corruption and privilege escalation. Documented mitigations include enabling IOMMU protection for the ACPI runtime memory that back...
CVE-2022-32953
CVE-2022-32953 affects Insyde InsydeH2O BIOS (kernel 5.0–5.5). DMA-based TOCTOU on the SdHostDriver buffer in SMM and non-SMM code could corrupt SMRAM and escalate privileges. Mitigations per the sources include enabling IOMMU protection for the ACPI runtime memory used for the command buffer and...
CVE-2022-32473
CVE-2022-32473 affects InsydeH2O firmware (kernel 5.0–5.5). The issue is a TOCTOU race condition in a DMA path where the HddPassword shared buffer is accessed by SMM and non-SMM code, risking SMRAM corruption and privilege escalation. The underlying vulnerability arises from timing when the firmw...
CVE-2022-32953
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32469
CVE-2022-32469 affects Insyde InsydeH2O BIOS (kernel 5.0–5.5). It describes a TOCTOU race condition in the PnpSmm shared buffer used by SMM and non-SMM code, which could enable SMRAM corruption and privilege escalation. The advisory notes mitigations: (1) enable IOMMU protection for the ACPI runt...
PT-2024-11236 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12
Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...
Vulnerability in the Windows Runtime component of the Windows operating system that allows an attacker to elevate their privileges
The vulnerability in the Windows Runtime component of the Windows operating system is related to errors in the handling of objects in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges through a specially crafted application...
Stack overflow
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...
CVE-2010-3192
Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program tha...