Vulnerabilities > Insyde

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-30772 Out-of-bounds Write vulnerability in Insyde Kernel
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory.
local
low complexity
insyde CWE-787
8.2
2022-11-15 CVE-2022-30774 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) .
local
high complexity
insyde CWE-367
6.4
2022-11-15 CVE-2022-31243 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack..
local
high complexity
insyde CWE-367
6.4
2022-11-15 CVE-2022-32267 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack...
local
high complexity
insyde CWE-367
6.4
2022-11-15 CVE-2022-33905 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack).
local
high complexity
insyde CWE-367
7.0
2022-11-15 CVE-2022-33906 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
6.4
2022-11-15 CVE-2022-33908 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.0
2022-11-15 CVE-2022-33909 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.0
2022-11-15 CVE-2022-33983 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.0
2022-11-15 CVE-2022-33984 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.0