24 matches found
EUVD-2021-30451
Malicious code in bioql PyPI...
EUVD-2022-37280
Malicious code in bioql PyPI...
EUVD-2024-22440
Malicious code in bioql PyPI...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
CVE-2024-25078
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating...
CVE-2024-25078
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating...
CVE-2024-25078
A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating...
CVE-2024-25078
Insyde InsydeH2O contains a memory corruption vulnerability in StorageSecurityCommandDxe that could lead to privilege escalation in SMM. Affected: Insyde InsydeH2O before kernel 5.2 (fix IB19130163 in 05.29.07), before kernel 5.3 (fix in 05.38.07), before kernel 5.4 (fix in 05.46.07), before kern...
Siemens InsydeH2O SMM Privilege Escalation (CVE-2021-42113)
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this...
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-43522)
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-34325)
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32474)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
CVE-2022-32474
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
Race condition
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
CVE-2022-32474
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...
CVE-2022-32474
CVE-2022-32474 affects InsydeH2O BIOS (InsydeH2O kernel 5.0–5.5). The issue is a TOCTOU race in the DMA path on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code, which can lead to SMRAM corruption and privilege escalation. The root cause involves a race between memory chec...
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
Memory corruption
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
PT-2022-22131 · Insyde · Insydeh2O Uefi Firmware
Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware affected versions not specified Description: The issue concerns DMA transactions targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler, which could cause SMRAM corruption through a TOCTO...
CVE-2022-34325
CVE-2022-34325 affects InsydeH2O StorageSecurityCommandDxe in UEFI BIOS/firmware. The issue is a TOCTOU race condition where DMA transactions targeting input buffers used by the StorageSecurityCommandDxe SMI handler can lead to SMRAM corruption. Affected component appears to be the StorageSecurit...