Total
339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33908 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 7.0 HIGH |
| DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022050 | |||||
| CVE-2022-32267 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 6.4 MEDIUM |
| DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046 | |||||
| CVE-2022-33909 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 7.0 HIGH |
| DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051 | |||||
| CVE-2022-33905 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 7.0 HIGH |
| DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 | |||||
| CVE-2022-33906 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 6.4 MEDIUM |
| DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048 | |||||
| CVE-2022-33907 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 6.4 MEDIUM |
| DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049 | |||||
| CVE-2022-30283 | 1 Insyde | 1 Kernel | 2025-04-30 | N/A | 7.5 HIGH |
| In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working buffer for USB transactions outside of SMRAM. The code which uses can be inside of SMM, making the working buffer untrusted input. The buffer can be corrupted by DMA transfers. The SMM code code attempts to sanitize pointers to ensure all pointers refer to the working buffer, but when a pointer is not found in the list of pointers to sanitize, the current action is not aborted, leading to undefined behavior. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in: Kernel 5.0: Version 05.09. 21 Kernel 5.1: Version 05.17.21 Kernel 5.2: Version 05.27.21 Kernel 5.3: Version 05.36.21 Kernel 5.4: Version 05.44.21 Kernel 5.5: Version 05.52.21 https://www.insyde.com/security-pledge/SA-2022063 | |||||
| CVE-2022-34830 | 1 Arm | 1 Utgard Gpu Kernel Driver | 2025-04-28 | N/A | 7.5 HIGH |
| An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | |||||
| CVE-2022-44651 | 1 Trendmicro | 1 Apex One | 2025-04-28 | N/A | 7.0 HIGH |
| A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2022-3590 | 1 Wordpress | 1 Wordpress | 2025-04-21 | N/A | 5.9 MEDIUM |
| WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden. | |||||
| CVE-2022-22753 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-16 | N/A | 7.1 HIGH |
| A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.<br>*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97, Thunderbird < 91.6, and Firefox ESR < 91.6. | |||||
| CVE-2025-32784 | 2025-04-15 | N/A | N/A | ||
| conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized as a Time-of-Check to Time-of-Use (TOCTOU) issue, can be exploited to introduce unauthorized modifications to build artifacts stored in the cf-staging Anaconda channel. Exploitation may result in the unauthorized publication of malicious artifacts to the production conda-forge channel. The core vulnerability results from the absence of atomicity between the hash validation and the artifact copy operation. This gap allows an attacker, with access to the cf-staging token, to overwrite the validated artifact with a malicious version immediately after hash verification, but before the copy action is executed. As the cf-staging channel permits artifact overwrites, such an operation can be carried out using the anaconda upload --force command. This vulnerability is fixed in 2025.4.10. | |||||
| CVE-2022-26387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 7.5 HIGH |
| When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||||
| CVE-2022-32638 | 2 Google, Mediatek | 30 Android, Mt6781, Mt6833 and 27 more | 2025-04-10 | N/A | 6.4 MEDIUM |
| In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494449; Issue ID: ALPS07494449. | |||||
| CVE-2025-21998 | 1 Linux | 1 Linux Kernel | 2025-04-10 | N/A | 4.7 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer dereference in case of a racing EFI variable access. Make sure that all resources have been set up before registering the efivars. | |||||
| CVE-2022-25716 | 1 Qualcomm | 14 Sd888 5g, Sd888 5g Firmware, Wcd9380 and 11 more | 2025-04-09 | N/A | 7.0 HIGH |
| Memory corruption in Multimedia Framework due to unsafe access to the data members | |||||
| CVE-2021-46795 | 1 Amd | 5 Cezannepi-fp6, Cezannepi-fp6 Firmware, Comboam4v2 Pi and 2 more | 2025-04-09 | N/A | 4.7 MEDIUM |
| A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | |||||
| CVE-2023-20523 | 1 Amd | 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more | 2025-04-07 | N/A | 5.7 MEDIUM |
| TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. | |||||
| CVE-2024-43067 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption occurs during the copying of read data from the EEPROM because the IO configuration is exposed as shared memory. | |||||
| CVE-2022-48191 | 2 Microsoft, Trendmicro | 2 Windows, Maximum Security 2022 | 2025-04-03 | N/A | 7.0 HIGH |
| A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system. | |||||