CVE-2022-36337 - Stack Buffer Overflow in Insyde InsydeH2O (Kernel 5.–5.5) and How It Can Lead to Code Execution
In 2022, security researchers found a critical buffer overflow vulnerability in the InsydeH2O UEFI firmware (specifically versions with kernel 5. through 5.5). This issue,
CVE-2022-35407 - Stack Buffer Overflow in InsydeH2O's SetupUtility Driver (Intel Platforms Exploit Explained)
---
Introduction
In June 2022, a critical vulnerability tagged CVE-2022-35407 was discovered in the Insyde InsydeH2O UEFI firmware, specifically inside its SetupUtility driver. The flaw
CVE-2022-35897 - Exploiting a Stack Buffer Overflow in InsydeH2O UEFI Kernel 5.–5.5 for Arbitrary Code Execution
CVE-2022-35897 is a security vulnerability affecting Insyde InsydeH2O firmware (kernel versions 5. up to 5.5) used by numerous PCs and laptops. Discovered in 2022,
CVE-2022-29278 - How Faulty Pointer Checks in NvmExpressDxe Risk Both SMRAM and OS Memory
In this post, we’ll look closely at CVE-2022-29278, a significant firmware-level security hole discovered in the NvmExpressDxe driver. The flaw can potentially let attackers
CVE-2022-29279 - How Untrusted Pointers Led to SMRAM and OS Memory Tampering in InsydeH2O Kernel
If you're in the UEFI BIOS world, or just want to understand how a simple mistake with pointers can open the door to
Episode
00:00:00
00:00:00