Vulnerabilities > Insyde

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-33985 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.0
2022-11-15 CVE-2022-33986 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack.
local
high complexity
insyde CWE-367
6.4
2022-11-14 CVE-2022-33907 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack...
local
high complexity
insyde CWE-367
6.4
2022-11-14 CVE-2022-33982 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM.
local
high complexity
insyde CWE-367
6.4
2022-11-14 CVE-2022-34325 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Insydeh2O
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.
local
high complexity
insyde CWE-367
7.8
2022-11-14 CVE-2022-30773 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Insyde Kernel
DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack).
local
high complexity
insyde CWE-367
6.4
2022-11-14 CVE-2022-32266 Out-of-bounds Write vulnerability in Insyde Kernel
DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields.
local
high complexity
insyde CWE-787
6.4
2022-09-28 CVE-2022-36448 Improper Input Validation vulnerability in Insyde Insydeh2O
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde CWE-20
8.2
2022-09-23 CVE-2022-35893 Improper Input Validation vulnerability in Insyde Insydeh2O
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde CWE-20
8.2
2022-09-23 CVE-2022-36338 Unspecified vulnerability in Insyde Insydeh2O
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.
local
low complexity
insyde
8.2