57 results (0.034 seconds)

CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process. Vulnerabilidad de condición de ejecución TOCTOU en Insyde InsydeH2O con Kernel 5.2 anterior a la versión 05.27.29, Kernel 5.3 anterior a la versión 05.36.29, Kernel 5.4 anterior a la versión 05.44.13 y Kernel 5.5 anterior a la versión 05.52.13 permite a un atacante alterar los datos y el código utilizados por el resto del proceso de arranque. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023038 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. Se descubrió un problema de LogoFAIL en BmpDecoderDxe en Insyde InsydeH2O con kernel 5.2 anterior a 05.28.47, 5.3 anterior a 05.37.47, 5.4 anterior a 05.45.47, 5.5 anterior a 05.53.47 y 5.6 anterior a 05.60.47 para ciertos dispositivos Lenovo. El análisis de imágenes de archivos de logotipos BMP manipulados puede copiar datos a una dirección específica durante la fase DXE de la ejecución UEFI. • https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html https://security.netapp.com/advisory/ntap-20240105-0002 https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023053 https://www.kb.cert.org/vuls/id/811862 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. Una vulnerabilidad de corrupción de memoria SMM en el controlador SMM (SMRAM write) en CsmInt10HookSmm en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a atacantes enviar datos arbitrarios a SMM, lo que podría conducir a una escalada de privilegios. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023055 • CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler. Se descubrió un problema en IhisiServicesSmm en Insyde InsydeH2O con kernel 5.0 a 5.5. Hay llamadas arbitrarias a SetVariable con argumentos no sanitizados en el controlador SMI. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023056 •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023045 •