Headline
CVE-2022-35408: Insyde's Security Pledge | Insyde Software
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)
Common Vulnerabilities and Exposures (CVE)
CVSS v3 Vulnerability Severity
Description
Intel Security Advisory (SA)
Original Date
Last Revised
CVE-2019-0170
8.2
Buffer overflow in subsystem in Intel® Dynamic Application Loader before [12.0.35] may allow privileged user to potentially enable escalation of privilege via local access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0153
9.0
Buffer overflow in subsystem in Intel® CSME before 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via network access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0126
7.2
Insufficient access control in Silicon Reference firmware for Intel ® Xeon ® Scalable Processor, Intel ® Xeon ® Processor D Family may allow privileged user to potentially enable escalation of privilege or denial of service via local access
INTEL-SA-00223
05/14/2019
05/14/2019
CVE-2019-0120
5.3
Insufficient key protection vulnerability in Silicon Reference firmware for Intel® Pentium® Processor J Series, Intel® Pentium® Processor N Series, Intel® Celeron® J Series, Intel® Celeron® N Series, Intel® Atom® Processor A Series, Intel® Atom® Processor E3900 Series, Intel® Pentium® Processor Silver Series may allow privileged user to potentially enable denial of service via local access.
INTEL-SA-00223
05/14/2019
05/14/2019
CVE-2019-0119
5.7
Buffer overflow vulnerability in system firmware for Intel ® Xeon ® Processor D Family, Intel ® Xeon ® Scalable Processor, Intel® Server Board, Intel® Server System and Intel® Compute Module may allow privileged user to potentially enable escalation of privilege or denial of service via local access.
INTEL-SA-00223
05/14/2019
05/14/2019
CVE-2019-0098
5.7
Logic bug vulnerability in subsystem for Intel® CSME before version 12.0.35, Intel® TXE before 3.1.65, 4.0.15may allow unauthenticated user to potentially enable escalation of privilege via physical access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0097
4.9
Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before version 12.0.35 may allow privileged user to potentially enable denial of service via network access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0096
6.7
Out of bound write vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow authenticated user to potentially enable escalation of privilege via adjacent network access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0094
4.3
Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable denial of service via adjacent network access
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0093
2.3
Insufficient data sanitization vulnerability in HECI subsystem for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35, Intel® Server Platform Services before version SPS_E3_05.00.04.027.0 may allow privileged user to potentially enable information disclosure via local access
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0092
6.8
Insufficient input validation vulnerability in subsystem for Intel® Active Management Technology (Intel® AMT) before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow unauthenticated user to potentially enable escalation of privilege via physical access
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0091
6.6
Code injection vulnerability in installer for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel® TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access.
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0086
7.8
Insufficient access control vulnerability in Dynamic Application Loader software for Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel® TXE 3.1.65, 4.0.15 may allow unprivileged user to potentially enable escalation of privilege via local access
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0090
7.1
Insufficient access control vulnerability in subsystem for Intel® CSME before version 12.0.35, Intel® Server Platform Services before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access
INTEL-SA-00213
05/14/2019
04/14/2020
CVE-2019-0089
8.1
Improper data sanitization vulnerability in subsystem in Intel® Server Platform Services before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow privileged user to potentially enable escalation of privilege via local access
INTEL-SA-00213
05/14/2019
04/14/2020
N/A
4.3
Type confusion in HECI service for Intel® Server Platform Services Tools may allow authenticated user to potentially enable escalation of privilege via local access.
N/A
03/04/2019
-
CVE-2018-11091
3.8
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access
INTEL-SA-00233
05/14/2019
07/14/2020
CVE-2018-12130
6.5
Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
INTEL-SA-00233
05/14/2019
07/14/2020
CVE-2018-12127
6.5
Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
INTEL-SA-00233
05/14/2019
07/14/2020
Related news
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.
Dell BIOS contains a use of uninitialized variable vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.
An authentication issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5. A user may be unexpectedly logged in to another user’s account.
Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.