CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2022-32267
https://notcve.org/view.php?id=CVE-2022-32267
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022046 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33984
https://notcve.org/view.php?id=CVE-2022-33984
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054 Las transacciones DMA que están dirigidas a los búfers de entrada utilizados para el controlador SMI del software SdMmcDevice podrían causar corrupción de SMRAM a través de un ataque TOCTOU. Las transacciones DMA que están dirigidas a los búfers de entrada utilizados para el controlador SMI de software utilizado por el controlador SdMmcDevice podrían causar corrupción de SMRAM a través de un ataque TOCTOU. • https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022054 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-33905
https://notcve.org/view.php?id=CVE-2022-33905
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 Las transacciones DMA que están dirigidas a los búferes de entrada utilizados para el controlador SMI del software AhciBusDxe podrían causar corrupción de SMRAM (un ataque TOCTOU). Las transacciones DMA que están dirigidas a los búferes de entrada utilizados para el controlador SMI de software utilizado por el controlador AhciBusDxe podrían causar corrupción de SMRAM a través de un ataque TOCTOU. Este problema fue descubierto por ingeniería de Insyde basándose en la descripción general proporcionada por el grupo iSTARE de Intel, solucionado en el kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https:/ /www.insyde.com/security-pledge/SA-2022047 • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022047 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2021-38578 – edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation
https://notcve.org/view.php?id=CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=3387 https://www.insyde.com/security-pledge/SA-2023024 https://access.redhat.com/security/cve/CVE-2021-38578 https://bugzilla.redhat.com/show_bug.cgi?id=1960321 • CWE-124: Buffer Underwrite ('Buffer Underflow') CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 1CVE-2021-38575 – edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe
https://notcve.org/view.php?id=CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. NetworkPkg/IScsiDxe presenta unos desbordamientos de búfer explotables de forma remota A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=3356 https://www.insyde.com/security-pledge/SA-2023025 https://access.redhat.com/security/cve/CVE-2021-38575 https://bugzilla.redhat.com/show_bug.cgi?id=1956284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-124: Buffer Underwrite ('Buffer Underflow') •