Insyde Kernel vulnerabilities

CVE-2022-33908 [HIGH] CWE-367 CVE-2022-33908: DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered b

CVE-2022-33985 [HIGH] CWE-367 CVE-2022-33985: DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovere

CVE-2022-33986 [MEDIUM] CWE-367 CVE-2022-33986: DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead t DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde enginee

CVE-2022-33906 [MEDIUM] CWE-367 CVE-2022-33906: DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI han DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was

CVE-2022-32267 [MEDIUM] CWE-367 CVE-2022-32267: DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI h DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discov

CVE-2022-30774 [MEDIUM] CWE-367 CVE-2022-30774: DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parame DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This

CVE-2022-31243 [MEDIUM] CWE-367 CVE-2022-31243: Update description and links DMA transactions which are targeted at input buffers used for the softw Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could caus

CVE-2022-33982 [MEDIUM] CWE-367 CVE-2022-33982: DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM

CVE-2022-32266 [MEDIUM] CWE-787 CVE-2022-32266: DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe coul DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the S

CVE-2022-30773 [MEDIUM] CWE-367 CVE-2022-30773: DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after para DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). T

CVE-2022-33907 [MEDIUM] CWE-367 CVE-2022-33907: DMA transactions which are targeted at input buffers used for the software SMI handler used by the I DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issu

CVE-2021-38578 [CRITICAL] CWE-124 CVE-2021-38578: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

CVE-2021-38575 [HIGH] CWE-124 CVE-2021-38575: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.