CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-29279
https://notcve.org/view.php?id=CVE-2022-29279
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062 El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. Insyde descubrió este problema durante la revisión de seguridad. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022062 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30772
https://notcve.org/view.php?id=CVE-2022-30772
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065 La manipulación de la dirección de entrada en la función PnpSmm 0x52 podría ser utilizada por malware para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. A la función 0x52 del controlador PnpSmm se le pasa la dirección y el tamaño de los datos para escribir en la tabla SMBIOS, pero el malware podría utilizar la manipulación de la dirección para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022065 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-29276
https://notcve.org/view.php?id=CVE-2022-29276
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059 Las funciones SMI en AhciBusDxe utilizan entradas que no son de confianza, lo que provoca una corrupción de la SMRAM. Las funciones SMI en AhciBusDxe utilizan entradas que no son de confianza, lo que provoca corrupción de SMRAM. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022059 • CWE-787: Out-of-bounds Write •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2022-29278
https://notcve.org/view.php?id=CVE-2022-29278
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061 Las comprobaciones de puntero incorrectas dentro del controlador NvmExpressDxe pueden permitir la manipulación de SMRAM y la memoria del sistema operativo. Las comprobaciones de puntero incorrectas dentro del controlador NvmExpressDxe pueden permitir la manipulación de la memoria SMRAM y del sistema operativo. Insyde descubrió este problema durante la revisión de seguridad. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022061 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-30283
https://notcve.org/view.php?id=CVE-2022-30283
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022063 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •