Insyde

Insydeh2o

84 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7

CVE-2022-32478

  • EPSS 0.06%
  • Veröffentlicht 15.02.2023 02:15:09
  • Zuletzt bearbeitet 19.03.2025 20:15:16

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privile...

7

CVE-2022-32474

  • EPSS 0.06%
  • Veröffentlicht 15.02.2023 02:15:09
  • Zuletzt bearbeitet 20.03.2025 14:15:15

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escal...

7

CVE-2022-32471

  • EPSS 0.05%
  • Veröffentlicht 15.02.2023 02:15:09
  • Zuletzt bearbeitet 05.05.2025 17:18:14

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been che...

7.8

CVE-2022-34325

  • EPSS 0.09%
  • Veröffentlicht 14.11.2022 23:15:11
  • Zuletzt bearbeitet 30.04.2025 20:15:18

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI hand...

8.2

CVE-2022-36448

Exploit
  • EPSS 0.08%
  • Veröffentlicht 28.09.2022 16:15:11
  • Zuletzt bearbeitet 21.05.2025 15:15:57

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.

8.2

CVE-2022-35893

  • EPSS 0.12%
  • Veröffentlicht 23.09.2022 19:15:14
  • Zuletzt bearbeitet 05.05.2025 17:18:16

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to es...

8.2

CVE-2022-36338

Exploit
  • EPSS 0.1%
  • Veröffentlicht 23.09.2022 18:15:10
  • Zuletzt bearbeitet 05.05.2025 17:18:17

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service G...

6

CVE-2022-35894

Exploit
  • EPSS 0.06%
  • Veröffentlicht 22.09.2022 18:15:10
  • Zuletzt bearbeitet 05.05.2025 17:18:17

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

8.2

CVE-2022-35408

Exploit
  • EPSS 0.08%
  • Veröffentlicht 22.09.2022 16:15:09
  • Zuletzt bearbeitet 27.05.2025 16:15:26

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite...

6

CVE-2022-35896

Exploit
  • EPSS 0.09%
  • Veröffentlicht 22.09.2022 00:15:10
  • Zuletzt bearbeitet 05.05.2025 17:18:17

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of ...