系微安全保證
最新安全公告
Security Advisory Archives
BIOS & BMC
InsydeH2O | 2022年11月14日 : SA-2022059
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022059 | SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. | 8.2 |
InsydeH2O | 2022年11月14日 : SA-2022058
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022058 | In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. | 7.8 |
InsydeH2O | 2022年11月10日 : SA-2022043
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022043 | DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents of parameter values (a TOCTOU attack). | 7.5 |
InsydeH2O | 2022年11月8日 : SA-2022057
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022057 | DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022056
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022056 | DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. | 7.4 |
InsydeH2O | 2022年11月8日 : SA-2022055
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022055 | DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022054
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022054 | DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022053
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022053 | DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022052
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022052 | DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. | 7.4 |
InsydeH2O | 2022年11月8日 : SA-2022051
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022051 | DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022050
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022050 | DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. | 7.8 |
InsydeH2O | 2022年11月8日 : SA-2022049
| Link | Summary | CVSS Score |
|---|---|---|
| INSYDE-SA-2022049 | DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. | 8.2 |