系微安全保證

最新安全公告

Security Advisory Archives

BIOS & BMC

Link
Summary
CVSS Score
INSYDE-SA-2022044DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack).
7.5
Link
Summary
CVSS Score
INSYDE-SA-2022042DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values (a TOCTOU attack).
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022041Stack buffer overflow vulnerability leads to arbitrary code execution.
7.6
Link
Summary
CVSS Score
INSYDE-SA-2022040Stack buffer overflow vulnerability leads to arbitrary code execution.
7.7
Link
Summary
CVSS Score
INSYDE-SA-2022039Stack buffer overflow vulnerability leads to arbitrary code execution.
7.7
Link
Summary
CVSS Score
INSYDE-SA-2022038Some versions of InsydeH2O use the FreeType tools to embed fonts into the BIOS. InsydeH2O does not use the FreeType API at runtime and usage during build time does not produce a vulnerability in the BIOS.
3.6
Link
Summary
CVSS Score
INSYDE-SA-2022037Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022036Side-channel analysis may allow unauthorized disclosure of information.
5.6
Link
Summary
CVSS Score
INSYDE-SA-2022035SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022034SMM memory leak vulnerability in SMM driver (SMRAM read) in InsydeH2O.
6.0
Link
Summary
CVSS Score
INSYDE-SA-2022033SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O.
8.2
Link
Summary
CVSS Score
INSYDE-SA-2022032SMM memory corruption vulnerability in Software SMI handler in InsydeH2O.
8.2
返回主要安全公告页面