Vulnerabilities > Insyde > Kernel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-23 | CVE-2022-36337 | Out-of-bounds Write vulnerability in Insyde Kernel An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
| 2022-11-22 | CVE-2022-35407 | Out-of-bounds Write vulnerability in Insyde Kernel An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 7.8 |
| 2022-11-15 | CVE-2022-29276 | Out-of-bounds Write vulnerability in Insyde Kernel SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. | 8.2 |
| 2022-11-15 | CVE-2022-29278 | Improper Check for Unusual or Exceptional Conditions vulnerability in Insyde Kernel Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. | 8.2 |
| 2022-11-15 | CVE-2022-29279 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. | 8.2 |
| 2022-11-15 | CVE-2022-29275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. | 8.2 |
| 2022-11-15 | CVE-2022-30283 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. | 7.5 |
| 2022-11-15 | CVE-2022-30771 | Out-of-bounds Write vulnerability in Insyde Kernel Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. | 8.2 |
| 2022-11-15 | CVE-2022-30772 | Out-of-bounds Write vulnerability in Insyde Kernel Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. | 8.2 |
| 2022-11-15 | CVE-2022-33905 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). | 7.0 |