CVE-2023-28468
https://notcve.org/view.php?id=CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023039 • CWE-863: Incorrect Authorization •
CVE-2022-36337
https://notcve.org/view.php?id=CVE-2022-36337
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code. Se descubrió un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Una vulnerabilidad de desbordamiento del búfer de pila en el controlador MebxConfiguration conduce a la ejecución de código arbitrario. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022039 • CWE-787: Out-of-bounds Write •
CVE-2022-35407
https://notcve.org/view.php?id=CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022040 • CWE-787: Out-of-bounds Write •
CVE-2022-35897
https://notcve.org/view.php?id=CVE-2022-35897
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code. Se descubrió una vulnerabilidad de desbordamiento del búfer que provoca un problema de ejecución de código arbitrario en Insyde InsydeH2O con kernel 5.0 a 5.5. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022041 • CWE-787: Out-of-bounds Write •
CVE-2022-29275
https://notcve.org/view.php?id=CVE-2022-29275
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058 En UsbCoreDxe, la entrada que no es de confianza puede permitir la manipulación de la memoria SMRAM o del Sistema Operativo. El uso de punteros que no son de confianza podría permitir la manipulación de la memoria SMRAM o del Sistema Operativo, lo que lleva a una escalada de privilegios. Insyde descubrió este problema durante la revisión de seguridad. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •