CVE-2022-29279: Use of Untrusted Pointer Compromises SMRAM and OS Memory in SdHostDriver and SdMmcDevice
A critical security vulnerability (CVE-2022-29279) has been identified in the SdHostDriver and SdMmcDevice that stems from the use of an untrusted pointer. This flaw exposes
CVE-2022-30772: Potential SMRAM and OS Kernel Memory Overwrite Exploit through Manipulation of Input Address in PnpSmm Function x52
A potential vulnerability, identified under the reference CVE-2022-30772, may lead to the manipulation of the input address in the PnpSmm function x52. This issue arises
CVE-2022-33984 - DMA Transactions Resulting in SMRAM Corruption via TOCTOU Attack in SdMmcDevice Software SMI Handler
In this long-read post, we will discuss the details of a recently discovered vulnerability, CVE-2022-33984, related to Direct Memory Access (DMA) transactions in SdMmcDevice Software
CVE-2022-32267 - DMA Transactions Targeting Input Buffers in SmmResourceCheckDxe Software SMI Handler Lead to SMRAM Corruption
Summary: A flaw has been discovered in the SmmResourceCheckDxe driver, which could be exploited by a TOCTOU attack that targets the input buffers of the
CVE-2022-30774: Exploring DMA Attacks on PnpSmm Driver's Parameter Buffer and Understanding the TOCTOU Vulnerability
In this in-depth analysis, we examine the vulnerability CVE-2022-30774, which exists in the parameter buffer used by the PnpSmm driver. This vulnerability revolves around a
Episode
00:00:00
00:00:00