33 matches found
CVE-2021-38578
CVE-2021-38578 affects the EDK II (edk2) firmware development environment. The vulnerability arises in existing CommBuffer checks in SmmEntryPoint, where underflow can occur when computing BufferSize. This underflow can lead to an SMM privilege escalation as described in multiple advisories refere...
CVE-2021-38575
CVE-2021-38575 affects NetworkPkg/IScsiDxe in EDK II. Remotely exploitable buffer overflows are indicated, with potential denial of service or arbitrary code execution. Public disclosures in Debian and Ubuntu advisories show fixes in edk2 (e.g., Debian 11 security update 2020.11-2+deb11u3) and in...
CVE-2024-25078
Insyde InsydeH2O contains a memory corruption vulnerability in StorageSecurityCommandDxe that could lead to privilege escalation in SMM. Affected: Insyde InsydeH2O before kernel 5.2 (fix IB19130163 in 05.29.07), before kernel 5.3 (fix in 05.38.07), before kernel 5.4 (fix in 05.46.07), before kern...
CVE-2022-31243
CVE-2022-31243 describes a TOCTOU race condition affecting the FvbServicesRuntimeDxe driver, where DMA transactions targeting input buffers used by the software SMI handler could cause SMRAM corruption. The issue is part of a broader family of TOCTOU vulnerabilities (multiple CVEs) related to Ins...
CVE-2022-29278
The CVE-2022-29278 entry involves the NvmExpressDxe driver with incorrect pointer checks that can allow tampering with SMRAM and OS memory. This vulnerability is documented across multiple security trackers (e.g., Insyde InsydeH2O BIOS context) and is tied to specific fixed kernel versions: 5.1 -...
CVE-2022-29279
CVE-2022-29279 involves a vulnerability in InsydeH2O BIOS where the use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. Root cause: untrusted pointer handling in the affected code paths. Impact (per sources): potential memory tampering with high ...
CVE-2022-33982
CVE-2022-33982 concerns a DMA-based TOCTOU vulnerability in the Int15ServiceSmm software SMI handler. The parameter buffer accessed by the SMI handler is susceptible to DMA manipulation, allowing an attacker to alter values after they are checked but before use, potentially causing SMRAM corrupti...
CVE-2022-29275
CVE-2022-29275 affects Insyde InsydeH2O BIOS/UsbCoreDxe, where untrusted input may allow memory tampering in SMRAM or OS, enabling privilege escalation. The issue arises from a use of untrusted pointers in UsbCoreDxe and is tied to the BIOS/UEFI environment. The vulnerability is fixed in kernel up...
CVE-2022-30773
CVE-2022-30773 describes DMA attacks against the parameter buffer of the IhisiSmm driver, enabling a TOCTOU where an attacker could alter data after parameter validation but before use. The issue is addressed by kernel fixes: Kernel 5.4 (05.44.23) and Kernel 5.5 (05.52.23). Affected component: Ih...
CVE-2022-30772
Summary: CVE-2022-30772 describes a memory corruption vulnerability in InsydeH2O BIOS/SMM related to the PnpSmm function 0x52. The input address and size passed to the SMBIOS write operation can be manipulated, enabling a malware attacker with local access to potentially overwrite SMRAM or OS ker...
CVE-2022-30774
CVE-2022-30774 describes a TOCTOU vulnerability in the parameter buffer used by the PnpSmm driver, enabling DMA to modify contents after parameter values are checked but before use. Documented for Siemens RuggedCom APE1808 products with InsydeH2O UEFI firmware, the CVSS base score is 6.4 (AV:L/AC...
CVE-2022-33905
CVE-2022-33905 describes a TOCTOU vulnerability in the AhciBusDxe driver’s SMI input buffers, where DMA targeting those buffers could cause SMRAM corruption. The issue, attributed to Insyde engineering with Intel’s iSTARE context, is fixed in Linux kernels: 5.2 (05.27.23), 5.3 (05.36.23), 5.4 (05...
CVE-2022-33983
CVE-2022-33983 describes a TOCTOU DMA attack affecting the NvmExpressLegacy SMI handler used by the NvmExpressLegacy driver, potentially enabling SMRAM corruption. The issue is triggered by DMA transactions targeting input buffers for the software SMI handler, with the root cause tied to TOCTOU c...
CVE-2022-29276
CVE-2022-29276 affects the AhciBusDxe SMI handling, where untrusted inputs can lead to SMRAM corruption. The issue is documented across multiple sources (NVD, Red Hat, PRION/PTSecurity entries) and is tied to the AhciBusDxe component prior to specific kernel revisions. Reported root cause: SMI fu...
CVE-2022-32267
CVE-2022-32267 concerns DMA targeting input buffers used by the SmmResourceCheckDxe SMI handler in InsydeH2O UEFI firmware, leading to SMRAM corruption via a TOCTOU vulnerability. The issue, discovered by Insyde engineering, is mitigated by kernel updates: Kernel 5.2 (05.27.23), 5.3 (05.36.23), 5...
CVE-2022-33986
CVE-2022-33986 concerns DMA attacks on the parameter buffer used by the InsydeH2O/VariableRuntimeDxe SMI handler, potentially enabling a TOCTOU attack and SMRAM corruption. Public sources specify the vulnerable component as the VariableRuntimeDxe driver’s SMI handler parameter buffer, with exploi...
CVE-2022-32266
The connected records provide concrete details for CVE-2022-32266 affecting Insyde InsydeH2O. The vulnerability arises from DMA attacks against the parameter buffer used by the PcdSmmDxe software SMI handler, enabling a TOCTOU race condition that can corrupt other ACPI fields and adjacent memory....
CVE-2022-33907
CVE-2022-33907 describes a TOCTOU vulnerability in the SMI handler input buffers of the InsydeH2O IdeBusDxe driver. DMA accesses targeting these buffers could lead to SMRAM corruption. The issue is recorded with a CVSSv3.1 base score of 6.4 (LOCAL, HIGH complexity, HIGH privileges required) ...
CVE-2022-36337
CVE-2022-36337 affects Insyde InsydeH2O, with kernel 5.0–5.5. A stack buffer overflow in the MebxConfiguration driver can cause arbitrary code execution when a UEFI variable is read by BIOS code, potentially enabling local compromise. Remediation guidance present in PT-2022-23314 suggests tempora...
CVE-2022-33908
CVE-2022-33908 affects the SdHostDriver SMI handler: DMA targeted at input buffers can cause SMRAM corruption via a TOCTOU race condition. The issue is caused by TOCTOU in DMA handling of the SdHostDriver software SMI input buffers. Affected software/hardware is described in the Siemens/Insyde ma...
CVE-2022-33984
The CVE-2022-33984 entry describes a TOCTOU DMA vulnerability affecting the SdMmcDevice SMI handler that can corrupt SMRAM. Connected sources expand to multiple TOCTOU flaws in Insyde-managed firmware (various SMI handlers such as SdHostDriver, FvbServicesRuntimeDxe, IdeBusDxe) with CVEs 2022-307...
CVE-2022-33906
TOCTOU vulnerability CVE-2022-33906 affects the input buffers used by the FwBlockServiceSmm software SMI handler in InsydeH2O UEFI firmware. DMA to these buffers can race with checks, potentially causing SMRAM corruption. Documented instances reference Siemens RuggedCom APE1808 platforms with Ins...
CVE-2022-35407
The CVE concerns InsydeH2O’s SetupUtility driver on Intel platforms, affected versions 5.0–5.5. A stack buffer overflow from handling two UEFI variables allows arbitrary code execution when the second variable exceeds the first, enabling modification of certain UEFI variables. Impact is local, wi...
CVE-2022-33909
CVE-2022-33909 is a TOCTOU-related DMA vulnerability affecting the HddPassword SMI handler in InsydeH2O firmware. The issue arises from DMA transactions targeting input buffers used by the software SMI handler, potentially allowing SMRAM corruption. Public documentation confirms a fix was applied...
CVE-2022-35897
CVE-2022-35897 affects Insyde InsydeH2O kernel 5.0–5.5. A stack buffer overflow occurs when an attacker modifies certain UEFI variables, potentially causing arbitrary code execution. Exploitation requires direct SPI modification and the attacker must change at least two of three variables (Secure...
CVE-2022-30771
CVE-2022-30771 affects InsydeH2O BIOS (5.1–5.5) via an initialization function in PnpSmm that may cause SMRAM corruption when using subsequent PNP SMI functions. Root cause: initialization path in PnpSmm. Impact: potential SMRAM corruption with high confidentiality, integrity, and availability im...
CVE-2022-30283
The CVE-2022-30283 issue affects UsbCoreDxe where DMA-tampering of the USB working buffer during certain USB transactions can trigger a TOCTOU race, allowing potential SMRAM corruption and privilege escalation. The root cause is that the SMM code sanitizes pointers to the working buffer but may p...
CVE-2023-47252
Summary (CVE-2023-47252): Insyde InsydeH2O’s PnpSmm in the kernel range 5.0–5.6 is affected by an out-of-bounds access in the SMM communication buffer. The PNP-related SMI sub-functions do not verify data size before reading from the buffer, potentially allowing corruption of data immediately fol...
CVE-2022-33985
The CVE-2022-33985 issue affects the NvmExpressDxe driver’s SMI input buffers. It enables a TOCTOU vulnerability that can lead to SMRAM corruption via DMA targeted at the SMI handler input buffers. The problem is fixed in kernel updates: 5.2 (05.27.25), 5.3 (05.36.25), 5.4 (05.44.25), and 5.5 (05...
CVE-2022-46897
An issue in Insyde InsydeH2O (kernel 5.0–5.5) affects the CapsuleIFWUSmm driver, which does not check the return value from a method or function, potentially preventing detection of unexpected states. Affected component: CapsuleIFWUSmm driver in InsydeH2O. Impact: local conditions/state misdetecti...
CVE-2023-28468
CVE-2023-28468: InsydeH2O BIOS’ FvbServicesRuntimeDxe (SMM) exposes an SMI handler that enables the OS to interact with the SPI flash at run-time. Affects Insyde InsydeH2O (FvbServicesRuntimeDxe SMM module) on kernel 5.0–5.5. According to the available references, this can lead to local access wi...
CVE-2024-49200
The CVE-2024-49200 entry describes a DXE memory corruption in InsydeH2O (AcpiS3SaveDxe and ChipsetSvcDxe) affecting kernel 5.2–5.7. Root cause: using a pointer derived from an NVRAM variable as the target of a write, enabling arbitrary writes and potentially arbitrary code execution. Affected pla...
CVE-2024-52880
The connected PT-2025-17633 entry provides concrete fixes for Insyde InsydeH2O kernel vulnerabilities: affected kernel versions are 5.2–05.29.49, 5.3–05.38.49, 5.4–05.46.49, 5.5–05.54.49, 5.6–05.61.49, and 5.7–05.70.49. The root cause is that the SecureBootHandler in the VariableRuntimeDxe driver...