CVE-2022-29279 - How Untrusted Pointers Led to SMRAM and OS Memory Tampering in InsydeH2O Kernel
If you're in the UEFI BIOS world, or just want to understand how a simple mistake with pointers can open the door to
CVE-2022-30772 - How Malicious Code Could Overwrite SMRAM or OS Kernel Memory via PnpSmm’s Function x52
*Discovered by Insyde engineering, patched in Insyde’s Kernel updates across multiple versions.*
Overview
CVE-2022-30772 is a serious vulnerability found in the PnpSmm driver, specifically
CVE-2022-33984 - How a TOCTOU DMA Attack Could Corrupt SMRAM in SdMmcDevice SMI Handler
CVE-2022-33984 is a recently disclosed vulnerability that can be found in some firmware implementations. It primarily targets the SdMmcDevice software SMI handler, leveraging Direct Memory
CVE-2022-32267 - How DMA Attacks Can Lead to SMRAM Corruption in SmmResourceCheckDxe
CVE-2022-32267 is a security vulnerability in certain Insyde BIOS platforms, specifically involving the SmmResourceCheckDxe driver. This vulnerability opens the door to a serious attack: DMA-based
CVE-2022-30774 - Understanding the DMA TOCTOU Attack on Insyde PnpSmm Driver
In 2022, a serious vulnerability known as CVE-2022-30774 was discovered affecting Insyde’s PnpSmm driver. This bug is not just another buffer overflow or a
Episode
00:00:00
00:00:00