Lucene search
K

31 matches found

Vulnrichment
Vulnrichment
added 2022/11/14 12:0 a.m.6 views

CVE-2022-33908

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...

6.9AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2022/11/14 12:0 a.m.69 views

CVE-2022-33908

CVE-2022-33908 affects the SdHostDriver SMI handler: DMA targeted at input buffers can cause SMRAM corruption via a TOCTOU race condition. The issue is caused by TOCTOU in DMA handling of the SdHostDriver software SMI input buffers. Affected software/hardware is described in the Siemens/Insyde ma...

7CVSS6.8AI score0.00132EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/01 12:0 a.m.5 views

The vulnerability of the SdHostDriver component in the InsydeH2O UEFI firmware creation framework allows a attacker to execute arbitrary code on the target system.

The vulnerability of the SdHostDriver component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system...

8.2CVSS8.1AI score0.00279EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/02/03 2:15 a.m.29 views

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check...

8.2CVSS0.00301EPSS
Exploits0References5
OSV
OSV
added 2022/02/03 2:15 a.m.3 views

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check...

8.2CVSS7.5AI score0.00301EPSS
Exploits0References5
Prion
Prion
added 2022/02/03 2:15 a.m.24 views

Code injection

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check...

7.2CVSS8.1AI score0.00301EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/02/03 1:43 a.m.32 views

CVE-2021-41838

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check...

8.4AI score0.00301EPSS
Exploits0References4
CVE
CVE
added 2022/02/03 1:43 a.m.104 views

CVE-2021-41838

CVE-2021-41838 affects Insyde H2O SdHostDriver in the kernel 5.0–5.5. The vulnerability enables an attacker with local access to trigger a System Management Mode (SMM) callout and execute arbitrary code due to a Numeric Range Comparison Without a Minimum Check in SdHostDriver. Across connected so...

8.2CVSS8.1AI score0.00301EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/01/06 12:15 a.m.4 views

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...

8.2CVSS6AI score0.00279EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/01/05 11:9 p.m.43 views

CVE-2021-45971

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...

8.4AI score0.00279EPSS
Exploits0References3
CVE
CVE
added 2022/01/05 11:9 p.m.88 views

CVE-2021-45971

CVE-2021-45971 affects InsydeH2O’s SdHostDriver in the SMM path. A SWSMI handler registers without adequately validating the CommBufferData buffer, enabling potential SMM memory corruption and, per sources, possible code execution within SMM. Affected kernels: 5.1 before 05.16.25, 5.2 before 05.2...

8.2CVSS8.1AI score0.00279EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder