Search Insyde.com

系微安全保證

最新安全公告

Security Advisory Archives

BIOS & BMC

InsydeH2O | 2023年02月14日 : SA-2023010

Link	Summary	CVSS Score
INSYDE-SA-2023010	DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.	7.5

InsydeH2O | 2023年02月14日 : SA-2023001

Link	Summary	CVSS Score
INSYDE-SA-2023001	DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.	8.2

InsydeH2O | 2022年11月14日 : SA-2022065

Link	Summary	CVSS Score
INSYDE-SA-2022065	Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory.	7.2

InsydeH2O | 2022年11月14日 : SA-2022064

Link	Summary	CVSS Score
INSYDE-SA-2022064	Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.	8.2

InsydeH2O | 2022年11月14日 : SA-2022063

Link	Summary	CVSS Score
INSYDE-SA-2022063	In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges.	7.5

InsydeH2O | 2022年11月14日 : SA-2022062

Link	Summary	CVSS Score
INSYDE-SA-2022062	Use of an untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice.	7.5

InsydeH2O | 2022年11月14日 : SA-2020061

Link	Summary	CVSS Score
INSYDE-SA-2020061	Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory.	7.5

InsydeH2O | 2022年11月14日 : SA-2022060

Link	Summary	CVSS Score
INSYDE-SA-2022060	Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications.	7.5

InsydeH2O | 2022年11月14日 : SA-2022059

Link	Summary	CVSS Score
INSYDE-SA-2022059	SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM.	8.2

InsydeH2O | 2022年11月14日 : SA-2022058

Link	Summary	CVSS Score
INSYDE-SA-2022058	In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering.	7.8

InsydeH2O | 2022年11月10日 : SA-2022043

Link	Summary	CVSS Score
INSYDE-SA-2022043	DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents of parameter values (a TOCTOU attack).	7.5

InsydeH2O | 2022年11月8日 : SA-2022057

Link	Summary	CVSS Score
INSYDE-SA-2022057	DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.	7.8

返回主要安全公告页面