系微安全保證
最新安全公告
Security Advisory Archives
BIOS & BMC
InsydeH2O | 2022年02月1日 : SA-2022007
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022007 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | 2022年02月1日 : SA-2022006
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022006 | Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022005
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022005 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956). | 7.5 |
InsydeH2O | 2022年01月4日 : SA-2022004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022004 | AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022003
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022003 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022002 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | 2021年12月14日 : SA-2021004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2021004 | Insyde iscflashx64.sys Driver IOCTL CODE 0x22229a, User Controllable NumberOfBytes Lead to System Crash (or Potential Memory Corruption). | 4.9 |
InsydeH2O | 2021年10月14日 : SA-2021002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2021002 | Uncontrolled input in the InsydeH2O Int15MicrosoftSmm driver to a software SMI function may allow the caller to gain elevated privileges. Fixed in different chipset-specific releases of InsydeH2O.
| N/A |
InsydeH2O | 2021年06月14日 : SA-2021001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2021001 | A potential security vulnerability in the handler for IDE devices may allow escalation of privilege, or information disclosure. Insyde has released firmware updates to mitigate this potential vulnerability.
| 7.2 |
InsydeH2O | 2019年08月12日 : SA-2019001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2019001 | A potential security vulnerability in the Insyde software tools may allow escalation of privilege, or information disclosure. Insyde is releasing software updates to mitigate this potential vulnerability. | 6.9 |