Insyde's Security Pledge
Recent Security Advisories
Security Advisory Archives
BIOS & BMC
InsydeH2O | February 14, 2023 : SA-2023010
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2023010 | DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | 7.5 |
InsydeH2O | February 14, 2023 : SA-2023010
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2023010 | DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | 7.5 |
InsydeH2O | February 14, 2023 : SA-2023002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2023002 | DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | 8.2 |
InsydeH2O | February 14, 2023 : SA-2023001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2023001 | DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. | 8.2 |
InsydeH2O | November 14, 2022 : SA-2022065
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022065 | Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. | 7.2 |
InsydeH2O | November 14, 2022 : SA-2022064
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022064 | Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. | 8.2 |
InsydeH2O | November 14, 2022 : SA-2022063
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022063 | In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges. | 7.5 |
InsydeH2O | November 14, 2022 : SA-2022062
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022062 | Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. | 7.5 |
InsydeH2O | November 14, 2022 : SA-2020061
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2020061 | Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. | 7.5 |
InsydeH2O | November 14, 2022 : SA-2022060
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022060 | Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications. | 7.5 |
InsydeH2O | November 14, 2022 : SA-2022059
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022059 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. | 8.2 |
InsydeH2O | November 14, 2022 : SA-2022058
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022058 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. | 7.8 |