| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read. |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read. |
| An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read. |
| A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. |
| Information Disclosure in data Modem while parsing an FMTP line in an SDP message. |
| Memory Corruption in Data Modem while making a MO call or MT VOLTE call. |
| Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. |
| Information disclosure in WLAN HAL while handling the WMI state info command. |
| Information disclosure in WLAN HAL while handling command through WMI interfaces. |
| Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame. |
| Memory corruption when the captureRead QDCM command is invoked from user-space. |
| Transient DOS in WLAN Firmware while parsing a NAN management frame. |
| Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. |
| Transient DOS while parsing per STA profile in ML IE. |
| Transient DOS while processing received beacon frame. |
| Transient DOS in Audio when invoking callback function of ASM driver. |
| Transient DOS while parsing WPA IES, when it is passed with length more than expected size. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. |
| Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. |
