VYPR

UsbCoreDxe

by Insyde

CVEs (3)

  • CVE-2022-29275HigNov 15, 2022
    risk 0.53cvss 8.2epss 0.00

    In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21…

  • CVE-2025-4276HigAug 13, 2025
    risk 0.49cvss 7.5epss 0.00

    UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level.

  • CVE-2022-30283HigNov 15, 2022
    risk 0.49cvss 7.5epss 0.00

    In UsbCoreDxe, tampering with the contents of the USB working buffer using DMA while certain USB transactions are in process leads to a TOCTOU problem that could be used by an attacker to cause SMRAM corruption and escalation of privileges The UsbCoreDxe module creates a working…