Search Insyde.com

Insyde's Security Pledge

Recent Security Advisories

Security Advisory Archives

BIOS & BMC

InsydeH2O | November 14, 2022 : SA-2020061

Link	Summary	CVSS Score
INSYDE-SA-2020061	Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory.	7.5

InsydeH2O | November 14, 2022 : SA-2022060

Link	Summary	CVSS Score
INSYDE-SA-2022060	Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications.	7.5

InsydeH2O | November 14, 2022 : SA-2022059

Link	Summary	CVSS Score
INSYDE-SA-2022059	SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM.	8.2

InsydeH2O | November 14, 2022 : SA-2022058

Link	Summary	CVSS Score
INSYDE-SA-2022058	In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering.	7.8

InsydeH2O | November 10, 2022 : SA-2022043

Link	Summary	CVSS Score
INSYDE-SA-2022043	DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents of parameter values (a TOCTOU attack).	7.5

InsydeH2O | November 8, 2022 : SA-2022057

Link	Summary	CVSS Score
INSYDE-SA-2022057	DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

InsydeH2O | November 8, 2022 : SA-2022056

Link	Summary	CVSS Score
INSYDE-SA-2022056	DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack.	7.4

InsydeH2O | November 8, 2022 : SA-2022055

Link	Summary	CVSS Score
INSYDE-SA-2022055	DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

InsydeH2O | November 8, 2022 : SA-2022054

Link	Summary	CVSS Score
INSYDE-SA-2022054	DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

InsydeH2O | November 8, 2022 : SA-2022053

Link	Summary	CVSS Score
INSYDE-SA-2022053	DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

InsydeH2O | November 8, 2022 : SA-2022052

Link	Summary	CVSS Score
INSYDE-SA-2022052	DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM.	7.4

InsydeH2O | November 8, 2022 : SA-2022051

Link	Summary	CVSS Score
INSYDE-SA-2022051	DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

Back to Security Pledge