Insyde - CVE CyberSecurity Database News (Page 2)

Nov 15, 2022 Exploit Insyde kernel

CVE-2022-29279: Use of Untrusted Pointer Compromises SMRAM and OS Memory in SdHostDriver and SdMmcDevice

A critical security vulnerability (CVE-2022-29279) has been identified in the SdHostDriver and SdMmcDevice that stems from the use of an untrusted pointer. This flaw exposes

Nov 15, 2022 Exploit Insyde kernel

CVE-2022-30772: Potential SMRAM and OS Kernel Memory Overwrite Exploit through Manipulation of Input Address in PnpSmm Function x52

A potential vulnerability, identified under the reference CVE-2022-30772, may lead to the manipulation of the input address in the PnpSmm function x52. This issue arises

Nov 15, 2022 Insyde kernel

CVE-2022-33984 - DMA Transactions Resulting in SMRAM Corruption via TOCTOU Attack in SdMmcDevice Software SMI Handler

In this long-read post, we will discuss the details of a recently discovered vulnerability, CVE-2022-33984, related to Direct Memory Access (DMA) transactions in SdMmcDevice Software

Nov 15, 2022 Exploit Insyde kernel

CVE-2022-32267 - DMA Transactions Targeting Input Buffers in SmmResourceCheckDxe Software SMI Handler Lead to SMRAM Corruption

Summary: A flaw has been discovered in the SmmResourceCheckDxe driver, which could be exploited by a TOCTOU attack that targets the input buffers of the

Nov 15, 2022 Exploit Insyde kernel

CVE-2022-30774: Exploring DMA Attacks on PnpSmm Driver's Parameter Buffer and Understanding the TOCTOU Vulnerability

In this in-depth analysis, we examine the vulnerability CVE-2022-30774, which exists in the parameter buffer used by the PnpSmm driver. This vulnerability revolves around a