Page 10 of 55 results (0.009 seconds)

CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Se ha descubierto un problema en AhciBusDxe en el kernel versión 5.0 hasta la 5.5 de InsydeH2O. Hay una llamada SMM que permite a un atacante acceder al Modo de Gestión del Sistema y ejecutar código arbitrario. • https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf https://security.netapp.com/advisory/ntap-20220217-0012 https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022019 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •

CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. Se ha detectado un problema en AhciBusDxe en InsydeH2O con el kernel versión 5.0 anteriores a 05.08.41, versiones 5.1 anteriores a 05.16.29, versiones 5.2 anteriores a 05.26.29, versiones 5.3 anteriores a 05.35.29, versiones 5.4 anteriores a 05.43.29 y versiones 5.5 anteriores a 05.51.29. Una vulnerabilidad en la llamada SMM permite a un atacante secuestrar el flujo de ejecución del código que es ejecutado en el modo de administración del sistema. • https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf https://security.netapp.com/advisory/ntap-20220216-0002 https://www.insyde.com/security-pledge •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. Se ha detectado un problema en InsydeH2O con el kernel versión 5.1 hasta 08-11-2021, versión 5.2 hasta 08-11-2021 y versión 5.3 hasta 08-11-2021. Una vulnerabilidad de corrupción de memoria de StorageSecurityCommandDxe SMM permite a un atacante escribir datos fijos o predecibles en la SMRAM. • https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf https://security.netapp.com/advisory/ntap-20220216-0003 https://www.insyde.com/security-pledge • CWE-787: Out-of-bounds Write •

CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0

An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). Se ha detectado un problema en SdHostDriver en Insyde InsydeH2O con el kernel 5.1 anteriores a 05.16.25, 5.2 anteriores a 05.26.25, 5.3 anteriores a 05.35.25, 5.4 anteriores a 05.43.25 y 5.5 anteriores a 05.51.25. Se presenta una vulnerabilidad en la rama SMM (System Management Mode) que registra un manejador SWSMI que no comprueba ni valida suficientemente el puntero del búfer asignado (CommBufferData). • https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf https://security.netapp.com/advisory/ntap-20220216-0004 https://www.insyde.com/security-pledge • CWE-787: Out-of-bounds Write •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. Se ha detectado un problema en AtaLegacySmm en el kernel 5.0 anteriores a 05.08.46, 5.1 anteriores a 05.16.46, 5.2 anteriores a 05.26.46, 5.3 anteriores a 05.35.46, 5.4 anteriores a 05.43.46 y 5.5 anteriores a 05.51.45 en InsydeH2O. Puede producirse una ejecución de código porque el manejador SMI carece de una comprobación de CommBuffer. • https://security.netapp.com/advisory/ntap-20220223-0002 https://www.insyde.com/security-pledge •