
CVSS: 8.2 | EPSS: 0% | CPEs: 6 | EXPL: 0

Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review.

It was fixed in:
• Kernel 5.0: version 05.09.17
• Kernel 5.1: version 05.17.17
• Kernel 5.2: version 05.27.17
• Kernel 5.3: version 05.36.17
• Kernel 5.4: version 05.44.17
• Kernel 5.5: version 05.52.17

• https://www.insyde.com/security-pledge
• https://www.insyde.com/security-pledge/SA-2022062
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.2 | EPSS: 0% | CPEs: 6 | EXPL: 0

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory.

Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review.

This issue is fixed in:
• Kernel 5.0: 05.09.41
• Kernel 5.1: 05.17.43
• Kernel 5.2: 05.27.30
• Kernel 5.3: 05.36.30
• Kernel 5.4: 05.44.30
• Kernel 5.5: 05.52.30

• https://www.insyde.com/security-pledge
• https://www.insyde.com/security-pledge/SA-2022065
• CWE-787: Out-of-bounds Write

CVSS: 8.2 | EPSS: 0% | CPEs: 6 | EXPL: 0

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review.

It was fixed in:
• Kernel 5.0: version 05.09.18
• Kernel 5.1: version 05.17.18
• Kernel 5.2: version 05.27.18
• Kernel 5.3: version 05.36.18
• Kernel 5.4: version 05.44.18
• Kernel 5.5: version 05.52.18

• https://www.insyde.com/security-pledge
• https://www.insyde.com/security-pledge/SA-2022059
• CWE-787: Out-of-bounds Write

CVSS: 7.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges.

The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses it can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group.

• https://www.insyde.com/security-pledge
• https://www.insyde.com/security-pledge/SA-2022063
• CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CVSS: 10.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

A flaw was found in edk2. An integer underflow in the SmmEntryPoint function leads to a write into the SMM region, allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

• https://bugzilla.tianocore.org/show_bug.cgi?id=3387
• https://www.insyde.com/security-pledge/SA-2023024
• https://access.redhat.com/security/cve/CVE-2021-38578
• https://bugzilla.redhat.com/show_bug.cgi?id=1960321
• CWE-124: Buffer Underwrite ('Buffer Underflow')
• CWE-787: Out-of-bounds Write