Vulnerabilities > Insyde
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-15 | CVE-2022-33985 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.0 |
2022-11-15 | CVE-2022-33986 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. | 6.4 |
2022-11-14 | CVE-2022-33907 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... | 6.4 |
2022-11-14 | CVE-2022-33982 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. | 6.4 |
2022-11-14 | CVE-2022-34325 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
2022-11-14 | CVE-2022-30773 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). | 6.4 |
2022-11-14 | CVE-2022-32266 | Out-of-bounds Write vulnerability in Insyde Kernel DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. | 6.4 |
2022-09-28 | CVE-2022-36448 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
2022-09-23 | CVE-2022-35893 | Improper Input Validation vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |
2022-09-23 | CVE-2022-36338 | Unspecified vulnerability in Insyde Insydeh2O An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. | 8.2 |