Skip to main content

Kernel

31 CVEs product

Monthly

CVE-2024-52880 HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2024-49200 MEDIUM This Month

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow RCE Kernel
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2024-25078 HIGH This Week

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07,. Rated high severity (CVSS 7.4). No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-28468 MEDIUM This Month

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kernel
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-36337 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-35407 HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-35897 MEDIUM This Month

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Kernel
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2022-29279 HIGH This Week

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29278 HIGH This Week

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-29276 HIGH This Week

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30772 HIGH This Week

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30771 HIGH This Week

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-30283 HIGH This Week

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM. Rated high severity (CVSS 7.5). No vendor patch available.

Intel Privilege Escalation Kernel
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2022-29275 HIGH This Week

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-33986 MEDIUM This Month

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-33985 HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33984 HIGH This Week

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-33983 HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-33909 HIGH This Week

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33908 HIGH This Week

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-33906 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-33905 HIGH This Week

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-32267 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-31243 MEDIUM This Month

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-30774 MEDIUM This Month

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-33982 MEDIUM This Month

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-33907 MEDIUM This Month

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-32266 MEDIUM This Month

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2022-30773 MEDIUM This Month

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2021-38575 HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2014-2649 HIGH This Week

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Operations Manager Kernel
NVD
CVSS 2.0
7.5
EPSS
3.6%
EPSS 0% CVSS 7.9
HIGH This Month

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow RCE +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07,. Rated high severity (CVSS 7.4). No vendor patch available.

Buffer Overflow Kernel
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption RCE +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM. Rated high severity (CVSS 7.5). No vendor patch available.

Intel Privilege Escalation Kernel
NVD
EPSS 0% CVSS 8.2
HIGH This Week

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 7.0
HIGH This Week

DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). Rated high severity (CVSS 7.0). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a. Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... Rated medium severity (CVSS 6.4). No vendor patch available.

Intel Information Disclosure Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow Kernel
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure Kernel
NVD
EPSS 2% CVSS 8.1
HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Operations Manager +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy