系微安全保證
最新安全公告
Security Advisory Archives
BIOS & BMC
InsydeH2O | 2022年02月1日 : SA-2022011
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022011 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | 2022年02月1日 : SA-2022010
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022010 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | 2022年02月1日 : SA-2022009
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022009 | SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | 2022年02月1日 : SA-2022008
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022008 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 8.2 |
InsydeH2O | 2022年02月1日 : SA-2022007
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022007 | SMM callout vulnerability allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | 7.5 |
InsydeH2O | 2022年02月1日 : SA-2022006
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022006 | Stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022005
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022005 | SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956). | 7.5 |
InsydeH2O | 2022年01月4日 : SA-2022004
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022004 | AtaLegacySmm: SMI handler does not check CommBuffer leading to possible arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022003
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022003 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBuffer + 8 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022002
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022002 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(status code saved at CommBuffer+4 location). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |
InsydeH2O | 2022年01月4日 : SA-2022001
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022001 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(CommBufferData). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution. | 8.2 |