Vulnerabilites related to insyde - kernel
Vulnerability from fkie_nvd
Published
2023-08-03 15:15
Modified
2024-11-21 07:55
Severity ?
Summary
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Not Applicable | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2023039 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2023039 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5100FC-51F0-48D6-A4F0-782F1281DBF3",
"versionEndIncluding": "5.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS."
}
],
"id": "CVE-2023-28468",
"lastModified": "2024-11-21T07:55:09.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-03T15:15:20.167",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023039"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 22:15
Modified
2024-11-21 06:58
Severity ?
Summary
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022059 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022059 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D7029-CF0B-403B-BAF9-2E010386B57E",
"versionEndExcluding": "5.0.05.09.18",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "715B9950-ABEB-4AF6-AA5B-74E6A7CB6B85",
"versionEndExcluding": "5.1.05.17.18",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A36EE11-E18D-4114-87CF-F6EF71FB389C",
"versionEndExcluding": "5.2.05.27.18",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "185EB02B-3842-41FC-A16E-240462D00B5D",
"versionEndExcluding": "5.3.05.36.18",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E698B548-259B-48B2-96D4-693A31DCF394",
"versionEndExcluding": "5.4.05.44.18",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19830B3D-E7CA-4989-8FBF-AB0D6A4E386D",
"versionEndExcluding": "5.5.05.52.18",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059"
},
{
"lang": "es",
"value": "Las funciones SMI en AhciBusDxe utilizan entradas que no son de confianza, lo que provoca una corrupci\u00f3n de la SMRAM. Las funciones SMI en AhciBusDxe utilizan entradas que no son de confianza, lo que provoca corrupci\u00f3n de SMRAM. Insyde descubri\u00f3 este problema durante la revisi\u00f3n de seguridad. Se solucion\u00f3 en: \nKernel 5.0: versi\u00f3n 05.09.18 \nKernel 5.1: versi\u00f3n 05.17.18 \nKernel 5.2: versi\u00f3n 05.27.18 \nKernel 5.3: versi\u00f3n 05.36.18 \nKernel 5.4: versi\u00f3n 05.44.18 \nKernel 5.5: versi\u00f3n 05.52.18 \nhttps:/ /www.insyde.com/security-pledge/SA-2022059"
}
],
"id": "CVE-2022-29276",
"lastModified": "2024-11-21T06:58:51.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T22:15:10.087",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022059"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB75BA-F075-45A2-AD76-BA8DCA2F4CEF",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software FwBlockServiceSmm podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador FwBlockServiceSmm podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en el kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048"
}
],
"id": "CVE-2022-33906",
"lastModified": "2024-11-21T07:08:34.450",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:11.870",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022048"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-01 18:15
Modified
2024-11-21 06:17
Severity ?
Summary
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| infosec@edk2.groups.io | https://bugzilla.tianocore.org/show_bug.cgi?id=3356 | Exploit, Issue Tracking, Vendor Advisory | |
| infosec@edk2.groups.io | https://www.insyde.com/security-pledge/SA-2023025 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.tianocore.org/show_bug.cgi?id=3356 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2023025 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D81E5FE6-D7EC-49DA-BB6A-E58F9D7D3FBB",
"versionEndIncluding": "202105",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4619-B867-4E23-AF05-FF92B43628AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB40061A-BEDF-4D72-BF2D-D1B10EB80A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D21132C0-F2CF-4134-A165-926155031913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6549F7F1-A438-4C84-9D66-C89C697E2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE339FA1-8572-4365-B420-530D62686C08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows."
},
{
"lang": "es",
"value": "NetworkPkg/IScsiDxe presenta unos desbordamientos de b\u00fafer explotables de forma remota"
}
],
"id": "CVE-2021-38575",
"lastModified": "2024-11-21T06:17:32.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-01T18:15:07.760",
"references": [
{
"source": "infosec@edk2.groups.io",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
},
{
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023025"
}
],
"sourceIdentifier": "infosec@edk2.groups.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-124"
}
],
"source": "infosec@edk2.groups.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022050 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022050 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software SdHostDriver podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador SdHostDriver podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050"
}
],
"id": "CVE-2022-33908",
"lastModified": "2024-11-21T07:08:34.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:11.937",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022050"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 23:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB75BA-F075-45A2-AD76-BA8DCA2F4CEF",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367"
},
{
"lang": "es",
"value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador SMI del software Int15ServiceSmm podr\u00edan provocar un ataque TOCTOU al controlador SMI y provocar la corrupci\u00f3n de SMRAM. Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador SMI de software utilizado por el controlador Int15ServiceSmm podr\u00edan provocar un ataque TOCTOU al controlador SMI y provocar da\u00f1os en SMRAM. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 y Kernel 5.5: 05.52.23 CWE-367"
}
],
"id": "CVE-2022-33982",
"lastModified": "2024-11-21T07:08:42.810",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T23:15:11.020",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022052"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022053 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022053 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software NvmExpressLegacy podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador NvmExpressLegacy podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Este problema se solucion\u00f3 en el kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053"
}
],
"id": "CVE-2022-33983",
"lastModified": "2024-11-21T07:08:42.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:12.110",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022053"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-22 02:15
Modified
2024-11-21 07:11
Severity ?
Summary
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022040 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022040 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5100FC-51F0-48D6-A4F0-782F1281DBF3",
"versionEndIncluding": "5.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Un desbordamiento del b\u00fafer conduce a la ejecuci\u00f3n de c\u00f3digo arbitrario en el controlador SetupUtility en plataformas Intel. Un atacante puede cambiar los valores de ciertas variables UEFI. Si el tama\u00f1o de la segunda variable excede el tama\u00f1o de la primera, se sobrescribir\u00e1 el b\u00fafer. Este problema afecta al controlador SetupUtility de InsydeH2O."
}
],
"id": "CVE-2022-35407",
"lastModified": "2024-11-21T07:11:06.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-22T02:15:09.120",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022040"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 22:15
Modified
2024-11-21 06:58
Severity ?
Summary
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022062 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022062 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE02F2-B7F1-4542-B113-774A476C451C",
"versionEndExcluding": "5.0.05.09.17",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1580FAB-6AEA-4006-AB3E-3F384ABC7F75",
"versionEndExcluding": "5.1.05.17.17",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025933E3-5677-4E99-AA74-20CC0DD2AB96",
"versionEndExcluding": "5.2.05.27.17",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCE7EF5-A44C-408B-BF30-73DD221D71E0",
"versionEndExcluding": "5.3.05.36.17",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B106DD8E-FBC4-4562-8508-69576EF4432D",
"versionEndExcluding": "5.4.05.44.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96A4367-F490-4AD8-B83F-54253E207622",
"versionEndExcluding": "5.5.05.52.17",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062"
},
{
"lang": "es",
"value": "El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. Insyde descubri\u00f3 este problema durante la revisi\u00f3n de seguridad. Se solucion\u00f3 en: Kernel 5.0: versi\u00f3n 05.09.17 Kernel 5.1: versi\u00f3n 05.17.17 Kernel 5.2: versi\u00f3n 05.27.17 Kernel 5.3: versi\u00f3n 05.36.17 Kernel 5.4: versi\u00f3n 05.44.17 Kernel 5.5: versi\u00f3n 05.52.17 https:/ /www.insyde.com/security-pledge/SA-2022062"
}
],
"id": "CVE-2022-29279",
"lastModified": "2024-11-21T06:58:51.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T22:15:11.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022062"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022047 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022047 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB75BA-F075-45A2-AD76-BA8DCA2F4CEF",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software AhciBusDxe podr\u00edan causar corrupci\u00f3n de SMRAM (un ataque TOCTOU). Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador AhciBusDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel, solucionado en el kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https:/ /www.insyde.com/security-pledge/SA-2022047"
}
],
"id": "CVE-2022-33905",
"lastModified": "2024-11-21T07:08:34.283",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:11.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022047"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00fafers de entrada utilizados para el controlador SMI del software SdMmcDevice podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00fafers de entrada utilizados para el controlador SMI de software utilizado por el controlador SdMmcDevice podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Esto se solucion\u00f3 en el kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054"
}
],
"id": "CVE-2022-33984",
"lastModified": "2024-11-21T07:08:43.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:12.193",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022054"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022055 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022055 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software NvmExpressDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador NvmExpressDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Este problema se solucion\u00f3 en el kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055"
}
],
"id": "CVE-2022-33985",
"lastModified": "2024-11-21T07:08:43.307",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:12.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022055"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022055"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:04
Severity ?
Summary
Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C087718-2996-4535-B23D-9E63E6A44289",
"versionEndExcluding": "5.2.05.27.21",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2879B5DC-CBDE-414A-B872-7145F39684F9",
"versionEndExcluding": "5.3.05.36.21",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26A55209-8EF2-4E7A-B2C5-8254096DB418",
"versionEndExcluding": "5.4.05.44.21",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4661E31-75B8-41A8-B5AD-04D22F2B1BA5",
"versionEndExcluding": "5.5.05.52.21",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. \"DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044"
},
{
"lang": "es",
"value": "Actualizar descripci\u00f3n y enlaces Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador FvbServicesRuntimeDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. \"Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador FvbServicesRuntimeDxe podr\u00eda causar corrupci\u00f3n de SMRAM. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044"
}
],
"id": "CVE-2022-31243",
"lastModified": "2024-11-21T07:04:12.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:11.377",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022044"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 21:15
Modified
2024-11-21 06:58
Severity ?
Summary
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022058 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022058 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9A1C53-7B00-477D-B8AA-6B1A8EB1DAA5",
"versionEndIncluding": "5.0.05.09.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6606DD2A-0C65-4D84-B301-313850F7A631",
"versionEndExcluding": "5.1.05.17.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66937EE-AE21-45AD-8FE1-2580A5CD23B1",
"versionEndExcluding": "5.2.05.27.21",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23089DD9-DF12-4732-B201-D1EBDBB1D53A",
"versionEndExcluding": "5.3.05.36.21",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4996E78F-CF7A-49A7-86D8-99904B50CBE2",
"versionEndExcluding": "5.4.05.44.21",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF5BB25-36A1-49C2-8AFB-A78E18A322ED",
"versionEndExcluding": "5.5.05.52.21",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058"
},
{
"lang": "es",
"value": "En UsbCoreDxe, la entrada que no es de confianza puede permitir la manipulaci\u00f3n de la memoria SMRAM o del Sistema Operativo. El uso de punteros que no son de confianza podr\u00eda permitir la manipulaci\u00f3n de la memoria SMRAM o del Sistema Operativo, lo que lleva a una escalada de privilegios. Insyde descubri\u00f3 este problema durante la revisi\u00f3n de seguridad. Se solucion\u00f3 en: Kernel 5.0: versi\u00f3n 05.09.21 Kernel 5.1: versi\u00f3n 05.17.21 Kernel 5.2: versi\u00f3n 05.27.21 Kernel 5.3: versi\u00f3n 05.36.21 Kernel 5.4: versi\u00f3n 05.44.21 Kernel 5.5: versi\u00f3n 05.52.21https:/ /www.insyde.com/security-pledge/SA-2022058"
}
],
"id": "CVE-2022-29275",
"lastModified": "2024-11-21T06:58:51.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T21:15:36.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:06
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022046 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022046 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB75BA-F075-45A2-AD76-BA8DCA2F4CEF",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software SmmResourceCheckDxe causan corrupci\u00f3n de SMRAM (un ataque TOCTOU) Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software utilizado por el controlador SmmResourceCheckDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU ... Este problema fue descubierto por la ingenier\u00eda de Insyde. Corregido en el kernel Kernel 5.2: 27.05.23. N\u00facleo 5.3: 36.05.23. N\u00facleo 5.4: 05.44.23. N\u00facleo 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046"
}
],
"id": "CVE-2022-32267",
"lastModified": "2024-11-21T07:06:03.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:11.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022051 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022051 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94BB75BA-F075-45A2-AD76-BA8DCA2F4CEF",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI del software HddPassword podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador HddPassword podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por la ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en el kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051"
}
],
"id": "CVE-2022-33909",
"lastModified": "2024-11-21T07:08:34.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:12.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022051"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 22:15
Modified
2024-11-21 06:58
Severity ?
Summary
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022061 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022061 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4185E11-99C3-4791-99E1-69D5DF200437",
"versionEndExcluding": "5.1.05.17.23",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD13A6E4-E33E-47B5-BD87-77ACDD24677F",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "022E9833-D46F-4174-B17A-A63A751AC729",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E56B79E-78F2-4CAC-9314-08C5E53D8600",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51808FCE-4F4E-43CA-82FD-FF64E97FA613",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061"
},
{
"lang": "es",
"value": "Las comprobaciones de puntero incorrectas dentro del controlador NvmExpressDxe pueden permitir la manipulaci\u00f3n de SMRAM y la memoria del sistema operativo. Las comprobaciones de puntero incorrectas dentro del controlador NvmExpressDxe pueden permitir la manipulaci\u00f3n de la memoria SMRAM y del sistema operativo. Insyde descubri\u00f3 este problema durante la revisi\u00f3n de seguridad. Corregido en: Kernel 5.1: Versi\u00f3n 05.17.23 Kernel 5.2: Versi\u00f3n 05.27.23 Kernel 5.3: Versi\u00f3n 05.36.23 Kernel 5.4: Versi\u00f3n 05.44.23 Kernel 5.5: Versi\u00f3n 05.52.23 https://www.insyde.com/security- compromiso/SA-2022061"
}
],
"id": "CVE-2022-29278",
"lastModified": "2024-11-21T06:58:51.567",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T22:15:11.117",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022056 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022056 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056"
},
{
"lang": "es",
"value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador SMI del software VariableRuntimeDxe podr\u00edan provocar un ataque TOCTOU. Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador SMI de software utilizado por el controlador VariableRuntimeDxe podr\u00edan provocar un ataque TOCTOU al controlador SMI y provocar la corrupci\u00f3n de SMRAM. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en Kernel 5.4: 05.44.23 y Kernel 5.5: 05.52.23. CWE-367 Informe CWE-367 en: https://www.insyde.com/security-pledge/SA-2022056"
}
],
"id": "CVE-2022-33986",
"lastModified": "2024-11-21T07:08:43.463",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:12.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022056"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 23:15
Modified
2024-11-21 07:08
Severity ?
Summary
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
},
{
"lang": "es",
"value": "Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n de SMRAM a trav\u00e9s de un ataque TOCTOU... Las transacciones DMA que est\u00e1n dirigidas a los b\u00faferes de entrada utilizados para el controlador SMI de software utilizado por el controlador IdeBusDxe podr\u00edan causar corrupci\u00f3n SMRAM a trav\u00e9s de un ataque TOCTOU. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
],
"id": "CVE-2022-33907",
"lastModified": "2024-11-21T07:08:34.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T23:15:10.053",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 21:15
Modified
2024-11-21 07:03
Severity ?
Summary
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022065 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022065 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB28033A-E19C-48E1-8102-3DA3A3E7151F",
"versionEndExcluding": "5.0.05.09.41",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFE53C31-5FBE-4466-B1D5-8A932BAA952A",
"versionEndExcluding": "5.1.05.17.43",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6DDEF0-F902-422B-982A-B06D9B249565",
"versionEndExcluding": "5.2.05.27.30",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2696DAE6-A3F9-4902-B9D7-38B2D88D0E57",
"versionEndExcluding": "5.3.05.36.30",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EF4E69-0514-4BB8-A2B2-3DD72D2CB2E3",
"versionEndExcluding": "5.4.05.44.30",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643056D6-2573-4B71-935F-044E83EF81E9",
"versionEndExcluding": "5.5.05.52.30",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065"
},
{
"lang": "es",
"value": "La manipulaci\u00f3n de la direcci\u00f3n de entrada en la funci\u00f3n PnpSmm 0x52 podr\u00eda ser utilizada por malware para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. A la funci\u00f3n 0x52 del controlador PnpSmm se le pasa la direcci\u00f3n y el tama\u00f1o de los datos para escribir en la tabla SMBIOS, pero el malware podr\u00eda utilizar la manipulaci\u00f3n de la direcci\u00f3n para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 \nhttps://www.insyde.com/security-pledge/SA-2022065"
}
],
"id": "CVE-2022-30772",
"lastModified": "2024-11-21T07:03:20.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T21:15:36.967",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022065"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 22:15
Modified
2024-11-21 07:03
Severity ?
Summary
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022042 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022042 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367"
},
{
"lang": "es",
"value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador IhisiSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros pero antes de usarlos (un ataque TOCTOU). Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador IhisiSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros pero antes de usarlos (un ataque TOCTOU). Este problema fue descubierto por la ingenier\u00eda de Insyde. Este problema se solucion\u00f3 en Kernel 5.4: 05.44.23 y Kernel 5.5: 05.52.23. CWE-367"
}
],
"id": "CVE-2022-30773",
"lastModified": "2024-11-21T07:03:21.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T22:15:13.373",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022042"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-21 17:15
Modified
2024-11-21 07:11
Severity ?
Summary
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022041 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022041 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5100FC-51F0-48D6-A4F0-782F1281DBF3",
"versionEndIncluding": "5.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer que provoca un problema de ejecuci\u00f3n de c\u00f3digo arbitrario en Insyde InsydeH2O con kernel 5.0 a 5.5. Si el atacante modifica variables UEFI espec\u00edficas, puede provocar un desbordamiento de la pila, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario. Las variables espec\u00edficas normalmente est\u00e1n bloqueadas (de solo lectura) a nivel del sistema operativo y, por lo tanto, un ataque requerir\u00eda una modificaci\u00f3n directa del SPI. Si un atacante puede cambiar los valores de al menos dos variables de tres (SecureBootEnforce, SecureBoot, RestoreBootSettings), es posible ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2022-35897",
"lastModified": "2024-11-21T07:11:54.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-21T17:15:25.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022041"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 21:15
Modified
2024-11-21 07:03
Severity ?
Summary
Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022064 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022064 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5BBA052D-95BD-4DAA-B2EB-158CA57C92F1",
"versionEndExcluding": "5.1.05.17.25",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63A5141F-8209-406C-BC3E-1B0CEB9AF4FE",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA8A888-C5DC-4550-8494-E72E886A7D33",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB9D389D-0C85-4107-8CBD-BD647C7CFFC7",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "472F2FC3-4BB0-468E-8F24-08C6CED5DA8B",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"
},
{
"lang": "es",
"value": "La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Corregido en: Kernel 5.1: Versi\u00f3n 05.17.25 Kernel 5.2: Versi\u00f3n 05.27.25 Kernel 5.3: Versi\u00f3n 05.36.25 Kernel 5.4: Versi\u00f3n 05.44.25 Kernel 5.5: Versi\u00f3n 05.52.25 \nhttps://www.insyde.com/security- promesa/SA-2022064"
}
],
"id": "CVE-2022-30771",
"lastModified": "2024-11-21T07:03:20.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T21:15:36.910",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022064"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 00:15
Modified
2024-11-21 07:03
Severity ?
Summary
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AD2F03-B15B-41F0-899F-075A1BD9DF30",
"versionEndExcluding": "5.2.05.27.29",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
},
{
"lang": "es",
"value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador PnpSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros, pero antes de que se utilicen (un ataque TOCTOU). Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador PnpSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros han sido verificados pero antes de ser utilizados (un ataque TOCTOU). Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
}
],
"id": "CVE-2022-30774",
"lastModified": "2024-11-21T07:03:21.233",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T00:15:09.823",
"references": [
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022043"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-03 22:15
Modified
2024-11-21 06:17
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| infosec@edk2.groups.io | https://bugzilla.tianocore.org/show_bug.cgi?id=3387 | Issue Tracking, Vendor Advisory | |
| infosec@edk2.groups.io | https://www.insyde.com/security-pledge/SA-2023024 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.tianocore.org/show_bug.cgi?id=3387 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2023024 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1E98B-2D63-42E3-B6F8-139CC32BA4B0",
"versionEndIncluding": "202202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCC4619-B867-4E23-AF05-FF92B43628AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB40061A-BEDF-4D72-BF2D-D1B10EB80A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D21132C0-F2CF-4134-A165-926155031913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6549F7F1-A438-4C84-9D66-C89C697E2A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "DE339FA1-8572-4365-B420-530D62686C08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."
},
{
"lang": "es",
"value": "Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize"
}
],
"id": "CVE-2021-38578",
"lastModified": "2024-11-21T06:17:33.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "infosec@edk2.groups.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-03T22:15:08.423",
"references": [
{
"source": "infosec@edk2.groups.io",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
},
{
"source": "infosec@edk2.groups.io",
"tags": [
"Third Party Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2023024"
}
],
"sourceIdentifier": "infosec@edk2.groups.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-124"
}
],
"source": "infosec@edk2.groups.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-15 21:15
Modified
2024-11-21 07:02
Severity ?
Summary
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022063 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022063 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F771B7F-6A86-4EF3-9AD4-22A7A9679BDE",
"versionEndExcluding": "5.0.05.09.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6606DD2A-0C65-4D84-B301-313850F7A631",
"versionEndExcluding": "5.1.05.17.21",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B66937EE-AE21-45AD-8FE1-2580A5CD23B1",
"versionEndExcluding": "5.2.05.27.21",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "23089DD9-DF12-4732-B201-D1EBDBB1D53A",
"versionEndExcluding": "5.3.05.36.21",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4996E78F-CF7A-49A7-86D8-99904B50CBE2",
"versionEndExcluding": "5.4.05.44.21",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7DF5BB25-36A1-49C2-8AFB-A78E18A322ED",
"versionEndExcluding": "5.5.05.52.21",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063"
},
{
"lang": "es",
"value": "En UsbCoreDxe, la manipulaci\u00f3n del contenido del b\u00fafer de trabajo USB usando DMA mientras ciertas transacciones USB est\u00e1n en proceso conduce a un problema TOCTOU que podr\u00eda ser utilizado por un atacante para causar corrupci\u00f3n SMRAM y escalada de privilegios. El m\u00f3dulo UsbCoreDxe crea un b\u00fafer de trabajo para transacciones USB fuera de SMRAM. El c\u00f3digo que se utiliza puede estar dentro de SMM, lo que hace que el b\u00fafer de trabajo sea una entrada no confiable. El b\u00fafer puede resultar da\u00f1ado por las transferencias DMA. El c\u00f3digo SMM intenta sanitizar los punteros para garantizar que todos los punteros se refieran al b\u00fafer de trabajo, pero cuando no se encuentra un puntero en la lista de punteros para sanitizar la acci\u00f3n actual no se cancela, lo que genera un comportamiento indefinido. Este problema fue descubierto por ingenier\u00eda de Insyde bas\u00e1ndose en la descripci\u00f3n general proporcionada por el grupo iSTARE de Intel. Corregido en: Kernel 5.0: Versi\u00f3n 05.09. 21 Kernel 5.1: Versi\u00f3n 05.17.21 Kernel 5.2: Versi\u00f3n 05.27.21 Kernel 5.3: Versi\u00f3n 05.36.21 Kernel 5.4: Versi\u00f3n 05.44.21 Kernel 5.5: Versi\u00f3n 05.52.21 \nhttps://www.insyde.com/security-pledge/SA-2022063"
}
],
"id": "CVE-2022-30283",
"lastModified": "2024-11-21T07:02:29.650",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T21:15:36.810",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022063"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-14 22:15
Modified
2024-11-21 07:06
Severity ?
Summary
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022045 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022045 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B164BDEE-BE93-4EB5-89E7-AB2D63512CA6",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5CC2DFA-DE56-4615-8F35-84F3ACD3B541",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9786B2BB-8754-4BA4-868E-FA2468D13AD2",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."
},
{
"lang": "es",
"value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por un controlador SMI de software utilizado por el controlador PcdSmmDxe podr\u00edan provocar un ataque TOCTOU al controlador SMI y provocar la corrupci\u00f3n de otros campos ACPI y campos de memoria adyacentes. \nLos ataques DMA al b\u00fafer de par\u00e1metros utilizado por un controlador SMI de software utilizado por el controlador PcdSmmDxe podr\u00edan provocar un ataque TOCTOU al controlador SMI y provocar la corrupci\u00f3n de otros campos ACPI y campos de memoria adyacentes.\nEl ataque requerir\u00eda un conocimiento detallado del contenido de la base de datos PCD en la plataforma actual. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en: \nKernel 5.3: 05.36.23\nKernel 5.4: 05.44.23\nKernel 5.5: 05.52.23.\nEl kernel 5.2 no se ve afectado.\nCWE-787 Se descubri\u00f3 un problema en Insyde InsydeH2O con el kernel 5.0 a 5.5. Los ataques DMA al b\u00fafer de par\u00e1metros que utiliza un controlador SMI de software (usado por el controlador PcdSmmDxe) podr\u00edan provocar un ataque de condici\u00f3n de ejecuci\u00f3n TOCTOU en el controlador SMI y provocar la corrupci\u00f3n de otros campos ACPI y campos de memoria adyacentes. El ataque requerir\u00eda un conocimiento detallado del contenido de la base de datos PCD en la plataforma actual."
}
],
"id": "CVE-2022-32266",
"lastModified": "2024-11-21T07:06:03.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-14T22:15:13.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022045"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-11-23 03:15
Modified
2024-11-21 07:12
Severity ?
Summary
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022039 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022039 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC5100FC-51F0-48D6-A4F0-782F1281DBF3",
"versionEndIncluding": "5.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Una vulnerabilidad de desbordamiento del b\u00fafer de pila en el controlador MebxConfiguration conduce a la ejecuci\u00f3n de c\u00f3digo arbitrario. El control de una variable UEFI en el sistema operativo puede provocar este desbordamiento cuando se lee mediante el c\u00f3digo BIOS."
}
],
"id": "CVE-2022-36337",
"lastModified": "2024-11-21T07:12:48.987",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-23T03:15:10.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022039"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-33986
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022056"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022056"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33986",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35407
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 09:36
Severity ?
EPSS score ?
Summary
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:36:43.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022040"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35407",
"datePublished": "2022-11-22T00:00:00",
"dateReserved": "2022-07-08T00:00:00",
"dateUpdated": "2024-08-03T09:36:43.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31243
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022044"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. \"DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022044"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31243",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-05-19T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29276
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.707Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022059"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29276",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33906
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022048"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022048"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33906",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33982
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022052"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022052"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33982",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38578
Vulnerability from cvelistv5
Published
2022-03-03 21:53
Modified
2024-08-06 00:55
Severity ?
EPSS score ?
Summary
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.tianocore.org/show_bug.cgi?id=3387 | x_refsource_MISC | |
| https://www.insyde.com/security-pledge/SA-2023024 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2023024"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "EDK II",
"vendor": "TianoCore",
"versions": [
{
"status": "affected",
"version": "edk2-stable202208"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eExisting CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.\u003c/p\u003e"
}
],
"value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "A case of CWE-124 is occurring in PiSmmCore.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T00:55:57.322Z",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023024"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2021-38578",
"datePublished": "2022-03-03T21:53:37",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-06T00:55:57.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33983
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022053"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33983",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33905
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022047"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33905",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-28468
Vulnerability from cvelistv5
Published
2023-08-03 00:00
Modified
2024-10-17 20:05
Severity ?
EPSS score ?
Summary
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.284Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2023039"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T20:05:28.569133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T20:05:38.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28468",
"datePublished": "2023-08-03T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-10-17T20:05:38.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32267
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022046"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32267",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-08-03T07:39:50.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30773
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022042"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30773",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T06:56:14.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-32266
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:39:50.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022045"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32266",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-03T00:00:00",
"dateUpdated": "2024-08-03T07:39:50.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30283
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:48
Severity ?
EPSS score ?
Summary
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:34.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022063"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022063"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30283",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-05-04T00:00:00",
"dateUpdated": "2024-08-03T06:48:34.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33985
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022055"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022055"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022055"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33985",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30774
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022043"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022043"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30774",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T06:56:14.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-38575
Vulnerability from cvelistv5
Published
2021-12-01 00:00
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:44:23.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2023025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "EDK II",
"vendor": "TianoCore",
"versions": [
{
"lessThanOrEqual": "edk2-stable202105",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NetworkPkg/IScsiDxe has remotely exploitable buffer overflows."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "A case of CWE-124, CWE-680, and CWE-252 is occurring in NetworkPkg/IScsiDxe.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-23T00:00:00",
"orgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"shortName": "TianoCore"
},
"references": [
{
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3356"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2023025"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c",
"assignerShortName": "TianoCore",
"cveId": "CVE-2021-38575",
"datePublished": "2021-12-01T00:00:00",
"dateReserved": "2021-08-11T00:00:00",
"dateUpdated": "2024-08-04T01:44:23.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33909
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022051"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33909",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29279
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022062"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022062"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29279",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-36337
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 10:00
Severity ?
EPSS score ?
Summary
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:00:04.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-23T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36337",
"datePublished": "2022-11-23T00:00:00",
"dateReserved": "2022-07-21T00:00:00",
"dateUpdated": "2024-08-03T10:00:04.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30772
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022065"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022065"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30772",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T06:56:14.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-35897
Vulnerability from cvelistv5
Published
2022-11-21 00:00
Modified
2024-08-03 09:44
Severity ?
EPSS score ?
Summary
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022041"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35897",
"datePublished": "2022-11-21T00:00:00",
"dateReserved": "2022-07-15T00:00:00",
"dateUpdated": "2024-08-03T09:44:22.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33907
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022049"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33907",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30771
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:56
Severity ?
EPSS score ?
Summary
Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:14.053Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022064"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30771",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-05-16T00:00:00",
"dateUpdated": "2024-08-03T06:56:14.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33984
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:16
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:16:16.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022054"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022054"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33984",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-18T00:00:00",
"dateUpdated": "2024-08-03T08:16:16.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29275
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022058"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29275",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-33908
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2024-08-03 08:09
Severity ?
EPSS score ?
Summary
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T08:09:22.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel\u0027s iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-14T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022050"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33908",
"datePublished": "2022-11-14T00:00:00",
"dateReserved": "2022-06-17T00:00:00",
"dateUpdated": "2024-08-03T08:09:22.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-29278
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2024-08-03 06:17
Severity ?
EPSS score ?
Summary
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:17:54.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.insyde.com/security-pledge/SA-2022061"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.insyde.com/security-pledge"
},
{
"url": "https://www.insyde.com/security-pledge/SA-2022061"
}
],
"source": {
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-29278",
"datePublished": "2022-11-15T00:00:00",
"dateReserved": "2022-04-15T00:00:00",
"dateUpdated": "2024-08-03T06:17:54.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}