CVE-2022-31243 - How DMA Attacks Can Corrupt SMRAM Via SMI Handler In FvbServicesRuntimeDxe
In May 2022, a critical firmware vulnerability (CVE-2022-31243) was disclosed, affecting systems using the FvbServicesRuntimeDxe UEFI driver. The flaw allows malicious actors to exploit Direct
CVE-2022-33907 - How a TOCTOU Attack on IdeBusDxe’s SMI Handler Can Corrupt SMRAM—Explained
Firmware security is a high-stakes game where any vulnerability can have serious consequences. In 2022, CVE-2022-33907 highlighted how a seemingly minor piece of UEFI firmware
CVE-2022-32266 - Understanding and Exploiting DMA Attacks in PcdSmmDxe's Software SMI Handler (InsydeH2O BIOS)
1. Introduction
Modern UEFI firmware, like InsydeH2O, handles critical system configuration during platform boot, and is therefore a juicy target for attackers. In early 2022,
CVE-2022-30773 - How TOCTOU DMA Attacks Threatened Insyde SMM Drivers
In mid-2022, Insyde Software publicly disclosed a severe vulnerability tracked as CVE-2022-30773. This security bug opens the door for a Time-of-Check to Time-of-Use (TOCTOU) attack
Episode
00:00:00
00:00:00