| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read. |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read. |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read. |
| Transient DOS during hypervisor virtual I/O operation in a virtual machine. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Information disclosure in IOE Firmware while handling WMI command. |
| Transient DOS in WLAN Firmware while parsing a NAN management frame. |
| Transient DOS in WLAN Firmware while parsing rsn ies. |
| Transient DOS in WLAN Firmware while parsing no-inherit IES. |
| Transient DOS in WLAN Firmware while parsing a BTM request. |
| Transient DOS in Audio when invoking callback function of ASM driver. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
| Memory corruption while processing buffer initialization, when trusted report for certain report types are generated. |
| Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. |
| Memory corruption when the captureRead QDCM command is invoked from user-space. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
