CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33905
https://notcve.org/view.php?id=CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 Las transacciones DMA que están dirigidas a los búferes de entrada utilizados para el controlador SMI del software AhciBusDxe podrían causar corrupción de SMRAM (un ataque TOCTOU). Las transacciones DMA que están dirigidas a los búferes de entrada utilizados para el controlador SMI de software utilizado por el controlador AhciBusDxe podrían causar corrupción de SMRAM a través de un ataque TOCTOU. Este problema fue descubierto por ingeniería de Insyde basándose en la descripción general proporcionada por el grupo iSTARE de Intel, solucionado en el kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https:/ /www.insyde.com/security-pledge/SA-2022047 • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022047 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-33986
https://notcve.org/view.php?id=CVE-2022-33986
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056 Los ataques DMA al búfer de parámetros utilizado por el controlador SMI del software VariableRuntimeDxe podrían provocar un ataque TOCTOU. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022056 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-36448
https://notcve.org/view.php?id=CVE-2022-36448
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver. Se ha detectado un problema en InsydeH2O con el kernel versiones 5.0 hasta 5.5. Se presenta una vulnerabilidad de corrupción de memoria SMM en el manejador SMI de software en el controlador PnpSmm • https://binarly.io/advisories/BRLY-2022-023/index.html https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022032 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-35893
https://notcve.org/view.php?id=CVE-2022-35893
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. Se ha detectado un problema en Insyde InsydeH2O con el kernel versiones 5.0 hasta 5.5. Una vulnerabilidad de corrupción de memoria SMM en el controlador FvbServicesRuntimeDxe permite a un atacante escribir datos fijos o predecibles en la SMRAM. • https://binarly.io/advisories/BRLY-2022-026/index.html https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022035 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36338
https://notcve.org/view.php?id=CVE-2022-36338
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. Se ha detectado un problema en InsydeH2O con el kernel 5.0 hasta 5.5. Una vulnerabilidad de llamada SMM en el controlador SMM FwBlockServiceSmm, que crea SMM, conlleva a una ejecución de código arbitrario. • https://binarly.io/advisories/BRLY-2022-017/index.html https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022029 •