Vulnerabilities > Insyde

DATE CVE VULNERABILITY TITLE RISK
2023-02-15 CVE-2022-32955 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
high complexity
insyde CWE-367
7.0
2022-11-23 CVE-2022-36337 Out-of-bounds Write vulnerability in Insyde Kernel
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde CWE-787
8.2
2022-11-22 CVE-2022-35407 Out-of-bounds Write vulnerability in Insyde Kernel
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde CWE-787
7.8
2022-11-21 CVE-2022-35897 Out-of-bounds Write vulnerability in Insyde Kernel
An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
low complexity
insyde CWE-787
6.8
2022-11-15 CVE-2022-29276 Out-of-bounds Write vulnerability in Insyde Kernel
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM.
local
low complexity
insyde CWE-787
8.2
2022-11-15 CVE-2022-29278 Improper Check for Unusual or Exceptional Conditions vulnerability in Insyde Kernel
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory.
local
low complexity
insyde CWE-754
8.2
2022-11-15 CVE-2022-29279 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice.
local
low complexity
insyde CWE-119
8.2
2022-11-15 CVE-2022-29275 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Insyde Kernel
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges.
local
low complexity
insyde CWE-119
8.2
2022-11-15 CVE-2022-30283 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM.
local
high complexity
insyde CWE-367
7.5
2022-11-15 CVE-2022-30771 Out-of-bounds Write vulnerability in Insyde Kernel
Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
local
low complexity
insyde CWE-787
8.2