CVE-2022-32470
https://notcve.org/view.php?id=CVE-2022-32470
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVE-2022-36337
https://notcve.org/view.php?id=CVE-2022-36337
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. Se descubrió un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Una vulnerabilidad de desbordamiento del búfer de pila en el controlador MebxConfiguration conduce a la ejecución de código arbitrario. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022039 • CWE-787: Out-of-bounds Write •
CVE-2022-35407
https://notcve.org/view.php?id=CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022040 • CWE-787: Out-of-bounds Write •
CVE-2022-35897
https://notcve.org/view.php?id=CVE-2022-35897
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. Se descubrió una vulnerabilidad de desbordamiento del búfer que provoca un problema de ejecución de código arbitrario en Insyde InsydeH2O con kernel 5.0 a 5.5. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022041 • CWE-787: Out-of-bounds Write •
CVE-2022-29275
https://notcve.org/view.php?id=CVE-2022-29275
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 En UsbCoreDxe, la entrada que no es de confianza puede permitir la manipulación de la memoria SMRAM o del Sistema Operativo. El uso de punteros que no son de confianza podría permitir la manipulación de la memoria SMRAM o del Sistema Operativo, lo que lleva a una escalada de privilegios. Insyde descubrió este problema durante la revisión de seguridad. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •