Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-20454

Summary
Assigner-MediaTek
Assigner Org ID-ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At-01 Jun, 2026 | 03:20
Updated At-02 Jun, 2026 | 03:55
Rejected At-
Credits

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:MediaTek
Assigner Org ID:ee979b05-11f8-4f25-a7e0-a1fa9c190374
Published At:01 Jun, 2026 | 03:20
Updated At:02 Jun, 2026 | 03:55
Rejected At:
â–¼CVE Numbering Authority (CNA)

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.

Affected Products
Vendor
MediaTek Inc.MediaTek, Inc.
Product
MediaTek chipset
Default Status
unaffected
Versions
Affected
  • MT6739
  • MT6761
  • MT6765
  • MT6768
  • MT6781
  • MT6789
  • MT6835
  • MT6853
  • MT6855
  • MT6877
  • MT6878
  • MT6879
  • MT6883
  • MT6885
  • MT6886
  • MT6889
  • MT6893
  • MT6895
  • MT6897
  • MT6899
  • MT6983
  • MT6985
  • MT6989
  • MT6991
  • MT8673
  • MT8765
  • MT8766
  • MT8768
  • MT8781
  • MT8786
  • MT8788
  • MT8791T
  • MT8793
  • MT8797
  • MT8798
  • MT8910
Problem Types
TypeCWE IDDescription
CWECWE-367CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Type: CWE
CWE ID: CWE-367
Description: CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://corp.mediatek.com/product-security-bulletin/June-2026
N/A
Hyperlink: https://corp.mediatek.com/product-security-bulletin/June-2026
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@mediatek.com
Published At:01 Jun, 2026 | 04:16
Updated At:01 Jun, 2026 | 18:09

In geniezone, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10873936; Issue ID: MSV-6786.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.4MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
MediaTek Inc.
mediatek
>>mt6739_firmware>>-
cpe:2.3:o:mediatek:mt6739_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6739>>-
cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6761_firmware>>-
cpe:2.3:o:mediatek:mt6761_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6761>>-
cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6765_firmware>>-
cpe:2.3:o:mediatek:mt6765_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6765>>-
cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6768_firmware>>-
cpe:2.3:o:mediatek:mt6768_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6768>>-
cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6781_firmware>>-
cpe:2.3:o:mediatek:mt6781_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6781>>-
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6789_firmware>>-
cpe:2.3:o:mediatek:mt6789_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6789>>-
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6835_firmware>>-
cpe:2.3:o:mediatek:mt6835_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6835>>-
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853_firmware>>-
cpe:2.3:o:mediatek:mt6853_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6853>>-
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855_firmware>>-
cpe:2.3:o:mediatek:mt6855_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6855>>-
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6877_firmware>>-
cpe:2.3:o:mediatek:mt6877_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6877>>-
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6878_firmware>>-
cpe:2.3:o:mediatek:mt6878_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6878>>-
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879_firmware>>-
cpe:2.3:o:mediatek:mt6879_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6879>>-
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6883_firmware>>-
cpe:2.3:o:mediatek:mt6883_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6883>>-
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6885_firmware>>-
cpe:2.3:o:mediatek:mt6885_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6885>>-
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6886_firmware>>-
cpe:2.3:o:mediatek:mt6886_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6886>>-
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6889_firmware>>-
cpe:2.3:o:mediatek:mt6889_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6889>>-
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6893_firmware>>-
cpe:2.3:o:mediatek:mt6893_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6893>>-
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895_firmware>>-
cpe:2.3:o:mediatek:mt6895_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6895>>-
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6897_firmware>>-
cpe:2.3:o:mediatek:mt6897_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6897>>-
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6899_firmware>>-
cpe:2.3:o:mediatek:mt6899_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6899>>-
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983_firmware>>-
cpe:2.3:o:mediatek:mt6983_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6983>>-
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6985_firmware>>-
cpe:2.3:o:mediatek:mt6985_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6985>>-
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6989_firmware>>-
cpe:2.3:o:mediatek:mt6989_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6989>>-
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6991_firmware>>-
cpe:2.3:o:mediatek:mt6991_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt6991>>-
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8673_firmware>>-
cpe:2.3:o:mediatek:mt8673_firmware:-:*:*:*:*:*:*:*
MediaTek Inc.
mediatek
>>mt8673>>-
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-367Secondarysecurity@mediatek.com
CWE ID: CWE-367
Type: Secondary
Source: security@mediatek.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://corp.mediatek.com/product-security-bulletin/June-2026security@mediatek.com
Vendor Advisory
Hyperlink: https://corp.mediatek.com/product-security-bulletin/June-2026
Source: security@mediatek.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2023-28576
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:15
Updated-02 Aug, 2024 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-fastconnect_7800snapdragon_865_5gwcd9380_firmwarewsa8830qcs610sw5100psd865_5gfastconnect_6900fastconnect_6800fastconnect_6900_firmwaresnapdragon_8_gen_1_firmwarewcn3988_firmwareqcn9074snapdragon_870_5gwsa8835wcn3950_firmwaresnapdragon_8_gen_1wsa8810_firmwarewcd9380wcd9341_firmwarefastconnect_7800_firmwaresw5100wsa8810qca6436qcs410snapdragon_865\+_5gsnapdragon_x55_5gqcs610_firmwaresw5100p_firmwaresxr2130wcd9370snapdragon_865\+_5g_firmwarewcn3680bqca6426sxr2130_firmwarewcd9341wcn3980qca6391_firmwarewcn3950snapdragon_xr2_5g_firmwarewcd9370_firmwarewcn3660bwsa8815snapdragon_870_5g_firmwarewsa8830_firmwaresd865_5g_firmwareqca6426_firmwarewcn3660b_firmwarewcn3988wsa8815_firmwaresnapdragon_x55_5g_firmwarewcn3680b_firmwarewsa8835_firmwaresw5100_firmwareqcn9074_firmwarefastconnect_6800_firmwareqcs410_firmwaresnapdragon_865_5g_firmwareqca6391wcn3980_firmwareqca6436_firmwaresnapdragon_xr2_5gSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-0358
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 3.13%
||
7 Day CHG~0.00%
Published-17 Sep, 2020 | 20:53
Updated-04 Aug, 2024 | 05:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SurfaceFlinger, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150227563

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-416
Use After Free
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2023-20578
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 22.83%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_9224epyc_7303epyc_7f32epyc_9754s_firmwareepyc_7272_firmwareepyc_7313pepyc_7402p_firmwareepyc_7663_firmwareepyc_7301epyc_7662_firmwareepyc_9254_firmwareepyc_7203pepyc_7313p_firmwareepyc_9174f_firmwareepyc_9384x_firmwareepyc_7551_firmwareepyc_7232p_firmwareepyc_7443pepyc_9634epyc_7203epyc_7252_firmwareepyc_7551pepyc_7742epyc_7262epyc_8324pepyc_7663epyc_9124_firmwareepyc_7713epyc_7371_firmwareepyc_9684xepyc_7351p_firmwareepyc_7262_firmwareepyc_7501epyc_7552epyc_7451_firmwareepyc_8434pn_firmwareepyc_9454p_firmwareepyc_7773x_firmwareepyc_7302p_firmwareepyc_9754sepyc_72f3_firmwareepyc_7543pepyc_7573x_firmwareepyc_8534pnepyc_7702p_firmwareepyc_7702pepyc_7702_firmwareepyc_9124epyc_9224_firmwareepyc_7502epyc_7513_firmwareepyc_8534pepyc_7763epyc_8224p_firmwareepyc_7h12_firmwareepyc_7281epyc_9754_firmwareepyc_7543_firmwareepyc_7001_firmwareepyc_8024pnepyc_7473xepyc_75f3epyc_8434pepyc_9354epyc_8434pnepyc_74f3epyc_7303pepyc_9474fepyc_9634_firmwareepyc_7502p_firmwareepyc_7302pepyc_9684x_firmwareepyc_9384xepyc_8534p_firmwareepyc_9554pepyc_72f3epyc_7552_firmwareepyc_7272epyc_8224pnepyc_8124p_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_9334_firmwareepyc_74f3_firmwareepyc_7282_firmwareepyc_7473x_firmwareepyc_7281_firmwareepyc_7001epyc_7f72_firmwareepyc_7642_firmwareepyc_7401epyc_7f52_firmwareepyc_7f72epyc_9734epyc_7502pepyc_7551p_firmwareepyc_9184xepyc_7371epyc_9654epyc_8324pnepyc_8124pnepyc_7663pepyc_7343epyc_7313epyc_7402_firmwareepyc_7402pepyc_9454_firmwareepyc_7742_firmwareepyc_7542_firmwareepyc_8124pn_firmwareepyc_7413_firmwareepyc_9654p_firmwareepyc_9474f_firmwareepyc_9534epyc_9374fepyc_7643_firmwareepyc_7261epyc_7452_firmwareepyc_7642epyc_7401_firmwareepyc_7f32_firmwareepyc_7203p_firmwareepyc_7543p_firmwareepyc_7601epyc_9654_firmwareepyc_7251epyc_7352_firmwareepyc_9554_firmwareepyc_7763_firmwareepyc_9654pepyc_9454pepyc_7252epyc_7232pepyc_7543epyc_7301_firmwareepyc_7713_firmwareepyc_7643epyc_7663p_firmwareepyc_7662epyc_8224pn_firmwareepyc_7351epyc_7502_firmwareepyc_9274f_firmwareepyc_7532epyc_7501_firmwareepyc_7343_firmwareepyc_7643pepyc_7702epyc_7573xepyc_9534_firmwareepyc_7302epyc_7303_firmwareepyc_7513epyc_9184x_firmwareepyc_7413epyc_7453epyc_9354_firmwareepyc_8224pepyc_9374f_firmwareepyc_7443p_firmwareepyc_75f3_firmwareepyc_7h12epyc_7401p_firmwareepyc_7282epyc_7251_firmwareepyc_7373x_firmwareepyc_9254epyc_9354p_firmwareepyc_7551epyc_8024pepyc_7443_firmwareepyc_7443epyc_8024p_firmwareepyc_7203_firmwareepyc_7402epyc_9554p_firmwareepyc_7313_firmwareepyc_7601_firmwareepyc_9734_firmwareepyc_7643p_firmwareepyc_7542epyc_7452epyc_7352epyc_7261_firmwareepyc_8324p_firmwareepyc_9354pepyc_7451epyc_9174fepyc_7351_firmwareepyc_7773xepyc_7373xepyc_7532_firmwareepyc_73f3epyc_8434p_firmwareepyc_9274fepyc_8534pn_firmwareepyc_7713pepyc_9754epyc_7401pepyc_7f52epyc_8124pepyc_9454epyc_8324pn_firmwareepyc_9334epyc_7302_firmwareepyc_8024pn_firmwareepyc_73f3_firmwareepyc_7303p_firmwareepyc_9554epyc_7351pAMD EPYCâ„¢ Embedded 3000AMD Ryzenâ„¢ Embedded 7000AMD EPYCâ„¢ 7001 ProcessorsAMD Ryzenâ„¢ 6000 Series Processors with Radeonâ„¢ GraphicsAMD EPYCâ„¢ 7003 ProcessorsAMD EPYCâ„¢ Embedded 7003AMD EPYCâ„¢ 9004 ProcessorsAMD EPYCâ„¢ 7002 ProcessorsAMD RyzenTM Embedded V3000AMD Ryzenâ„¢ 7035 Series Processors with Radeonâ„¢ GraphicsAMD EPYCâ„¢ Embedded 9003AMD EPYCâ„¢ Embedded 7002AMD Ryzenâ„¢ Threadripperâ„¢ PRO 5000WX ProcessorsAMD Ryzenâ„¢ 7020 Series Processors with Radeonâ„¢ GraphicsAMD Ryzenâ„¢ 7000 Series Desktop Processorsepyc_embedded_7002epyc_embedded_7003epyc_embedded_3000epyc_7001epyc_embedded_9003epyc_7002epyc_9004ryzen_embedded_7000ryzen_embedded_v3000
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-35937
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 2.53%
||
7 Day CHG~0.00%
Published-25 Aug, 2022 | 00:00
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Action-Not Available
Vendor-rpmn/aRed Hat, Inc.Fedora Project
Product-fedorarpmenterprise_linuxRPM
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-33907
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25 https://www.insyde.com/security-pledge/SA-2022049

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-33982
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-30773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.09%
||
7 Day CHG+0.05%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-30774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-5558
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-6.4||MEDIUM
EPSS-0.07% / 21.15%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 16:26
Updated-01 Aug, 2024 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability exists that could cause escalation of privileges when an attacker abuses a limited admin account.

Action-Not Available
Vendor-
Product-SpaceLogic AS-BSpaceLogic AS-Pspacelogic_as-pspacelogic_as-b
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-21198
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-7.9||HIGH
EPSS-0.05% / 15.14%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-celeron_g5920celeron_5205ucore_i7-11850hceleron_g5925_firmwarecore_i5-11500tpentium_gold_g7400tcore_i7-12650hceleron_n2808_firmwareceleron_g1830core_i5-10310ycore_i3-10100t_firmwarecore_i5-12600_firmwarecore_i5-1145g7ecore_i7-10510ucore_i5-11300hpentium_gold_4415y_firmwareceleron_g1630core_i5-1030g7_firmwarecore_i7-11800hxeon_w-2223core_i5-10600tpentium_gold_4417u_firmwareceleron_g1820tecore_i7-1165g7core_i3-1220pe_firmwarecore_i5-10300hceleron_j3455_firmwareceleron_b800core_i9-12900h_firmwarecore_i3-1120g4_firmwarecore_i7-11370hcore_i7-1255uceleron_j4025core_i3-1215uceleron_b710core_i3-10105tcore_i5-1155g7_firmwarecore_i5-12600hlcore_i7-10710uceleron_n6210_firmwarecore_i9-11900t_firmwarepentium_gold_g6500celeron_g550txeon_w-3235_firmwarepentium_silver_n6005core_i7-11800h_firmwareceleron_847core_i3-11100he_firmwareceleron_g4900t_firmwareceleron_g5205u_firmwareceleron_g3900_firmwareceleron_n2805_firmwarecore_i7-12800h_firmwareceleron_n3350e_firmwarecore_i5-11600kf_firmwarecore_i5-10400hceleron_g4900_firmwarecore_i9-10900tecore_i5-1230u_firmwareceleron_1017upentium_gold_g6405_firmwarecore_i5-1145g7core_i3-10300celeron_n3050_firmwareceleron_807ue_firmwarecore_i5-1130g7core_i5-12600k_firmwareceleron_g3900t_firmwarecore_i5-1030g4_firmwarexeon_w-3365_firmwarexeon_w-1390t_firmwarepentium_gold_g5400t_firmwarecore_i3-1115g4ecore_i9-11900kf_firmwarecore_i5-12500core_i5-1245uecore_i7-1280p_firmwarepentium_gold_g5420_firmwareceleron_g460_firmwareceleron_g4900celeron_n4000core_i7-11370h_firmwarepentium_gold_g5620_firmwarexeon_w-1350_firmwarecore_i7-1068ng7xeon_w-2275_firmwarecore_i7-11390hceleron_j6412core_i9-11900fceleron_g5905t_firmwarecore_i3-1215uecore_i5-10500txeon_w-1290t_firmwarecore_i5-12600kfcore_i9-10900kfceleron_g5925core_i5-11400hceleron_2981uceleron_3965ycore_i5-12500hlceleron_2980u_firmwarecore_i5-11400tcore_i7-10810uceleron_g4930_firmwarepentium_gold_g7400t_firmwareceleron_g3900e_firmwarecore_i3-12100eceleron_b830_firmwarecore_i7-11700kfceleron_g465core_i3-10300_firmwarecore_i3-10320_firmwareceleron_g3900te_firmwarepentium_gold_g5600tcore_i3-1115g4e_firmwarecore_i7-12800hcore_i5-1135g7_firmwarepentium_gold_8505_firmwarecore_i3-10105_firmwareceleron_6600he_firmwareceleron_1017u_firmwareceleron_5205u_firmwareceleron_g3920t_firmwareceleron_n2820core_i3-11100hecore_i5-1035g4core_i9-12900kfceleron_g1840tceleron_n3150core_i7-10700fceleron_j4105core_i7-11390h_firmwarecore_i5-1145g7e_firmwarecore_i5-12500hl_firmwarecore_i7-12650h_firmwarecore_i3-10110y_firmwarexeon_w-2235core_i5-1250pcore_i5-11300h_firmwareceleron_g465_firmwarecore_i3-1215u_firmwarecore_i5-1035g7_firmwareceleron_g3930exeon_w-1250pentium_gold_g6605_firmwareceleron_2970mceleron_n4000c_firmwarecore_i7-10700e_firmwarecore_i7-1265ulceleron_g3900ecore_i7-11375h_firmwarecore_i5-1035g4_firmwareceleron_g4930t_firmwareceleron_g3930tecore_i3-1115g4core_i3-10300tceleron_g3902ecore_i3-10110ycore_i5-12450h_firmwarecore_i5-12600heceleron_g1620tceleron_1019yceleron_1020mcore_i9-11900kfceleron_797core_i3-10100_firmwareceleron_j3455e_firmwarecore_i7-12800hecore_i9-10980hk_firmwarecore_i5-1245ul_firmwareceleron_g6900t_firmwarexeon_w-1270p_firmwareceleron_n2930_firmwarecore_i7-11850he_firmwarexeon_w-3275mpentium_gold_4425y_firmwarepentium_gold_4415u_firmwareceleron_2957ucore_i3-12100celeron_g3900core_i7-1195g7core_i3-12300_firmwarepentium_gold_g5600_firmwareceleron_g3930tceleron_g4920core_i7-1260upentium_gold_g6600_firmwarexeon_w-3375celeron_n3700celeron_3855uceleron_n6211core_i5-1240u_firmwarecore_i7-1185g7e_firmwareceleron_g5305ucore_i5-12500hcore_i7-12850hx_firmwarepentium_gold_g5620core_i3-1210ucore_i7-12800hx_firmwarexeon_w-1290p_firmwareceleron_g1610_firmwareceleron_n3000core_i7-10875hceleron_j3060_firmwareceleron_3765u_firmwarecore_i5-12500ecore_i7-12700hxeon_w-1390celeron_g1830_firmwareceleron_g4930e_firmwarecore_i5-11500he_firmwareceleron_n3520_firmwareceleron_877celeron_n2807core_i7-12700_firmwareceleron_n2830celeron_n4000_firmwarecore_i9-10850kceleron_827ecore_i5-1145g7_firmwarecore_i7-11700k_firmwarecore_i7-1265uceleron_j1800core_i5-1230uceleron_g550_firmwarecore_i7-1270p_firmwarepentium_gold_4410y_firmwareceleron_g3930te_firmwarexeon_w-1370pcore_i9-12900kf_firmwarepentium_gold_g5500tcore_i5-12400core_i7-12700fcore_i7-10700kf_firmwareceleron_n3000_firmwareceleron_g3930t_firmwareceleron_g5305u_firmwareceleron_7300celeron_j6413celeron_n4020c_firmwarecore_i7-1180g7_firmwareceleron_b800_firmwarecore_i9-12900k_firmwarexeon_w-3265celeron_n2940core_i3-12100tcore_i7-1160g7celeron_n2840_firmwarecore_i9-10900ecore_i9-11900_firmwareceleron_n4000cceleron_n3450_firmwarexeon_w-3375_firmwareceleron_b810e_firmwareceleron_g3940celeron_1007u_firmwarecore_i3-1115g4_firmwarecore_i9-10900te_firmwareceleron_n6210celeron_847_firmwareceleron_g555_firmwarecore_i5-1245u_firmwareceleron_g5205ucore_i5-1235ulcore_i3-10100xeon_w-1390_firmwarecore_i5-11320hcore_i7-10750hcore_i9-11900celeron_4205ucore_i3-10100tcore_i5-10500h_firmwareceleron_3865u_firmwarecore_i5-11500pentium_gold_g6500t_firmwarepentium_gold_7505_firmwareceleron_g3950celeron_g440_firmwarecore_i3-12100texeon_w-1290celeron_g530t_firmwareceleron_n2810_firmwarexeon_w-2295_firmwarepentium_gold_g5420t_firmwarecore_i5-10500te_firmwarecore_i9-12900ksceleron_g530tcore_i3-10320xeon_w-3345_firmwarecore_i5-10310u_firmwareceleron_g3920_firmwareceleron_n4504_firmwarecore_i5-12450hceleron_j6412_firmwarecore_i7-10710u_firmwarecore_i5-12600hl_firmwarecore_i5-10600kf_firmwareceleron_g5900_firmwareceleron_n3160_firmwareceleron_807core_i5-12500tceleron_b815celeron_4305uecore_i5-10400t_firmwarexeon_w-3275celeron_n5100celeron_857_firmwarecore_i5-12600hceleron_j4005core_i3-10105t_firmwarecore_i3-12100t_firmwarecore_i5-1250pe_firmwarecore_i7-10870h_firmwarexeon_w-1290pcore_i5-10500tecore_i7-10700kfceleron_j4125_firmwarecore_i7-1185g7ecore_i3-10100tecore_i5-12600celeron_g470core_i7-10700_firmwarecore_i7-12700tcore_i9-12900epentium_gold_g5600t_firmwarecore_i9-12900hkpentium_gold_6500y_firmwarexeon_w-2235_firmwareceleron_n3700_firmwarexeon_w-2245_firmwareceleron_n3450celeron_g540xeon_w-2223_firmwarecore_i3-1220p_firmwarecore_i7-1160g7_firmwareceleron_n2920core_i5-12400f_firmwarecore_i7-11700_firmwarecore_i5-10505_firmwarecore_i7-10700te_firmwarecore_i5-10300h_firmwarexeon_w-2225_firmwareceleron_3755u_firmwareceleron_j4115xeon_w-3335_firmwareceleron_4305uceleron_867_firmwareceleron_g1610t_firmwarecore_i3-1125g4_firmwarecore_i5-12400t_firmwarecore_i7-11600h_firmwarexeon_w-2255core_i3-10105fxeon_w-3225_firmwareceleron_n2910core_i7-1065g7_firmwareceleron_j4115_firmwarecore_i7-10700f_firmwarecore_i7-1265ul_firmwarecore_i3-10300t_firmwarecore_i5-11600kcore_i9-10900kf_firmwarecore_i5-11400t_firmwareceleron_g6900core_i3-10110u_firmwarecore_i5-12600t_firmwarepentium_gold_g6405t_firmwareceleron_6305_firmwarexeon_w-1270_firmwareceleron_3955u_firmwarecore_i7-10700tcore_i7-12700core_i7-12700kf_firmwareceleron_3955uxeon_w-1350celeron_1020e_firmwarepentium_gold_g5400_firmwareceleron_n3150_firmwarecore_i5-1140g7_firmwarecore_i5-1038ng7_firmwarecore_i5-11500h_firmwarecore_i7-11600hxeon_w-3323celeron_n4020_firmwarecore_i9-10900celeron_7305_firmwarecore_i5-1235ucore_i7-11375hcore_i7-12700eceleron_2955uceleron_n5100_firmwareceleron_g3900tceleron_n4504core_i7-1255ul_firmwarecore_i7-12800hl_firmwarepentium_gold_4425ycore_i7-1250u_firmwarecore_i5-10400tcore_i3-10100y_firmwareceleron_g555core_i3-12300t_firmwarepentium_gold_g6405tceleron_3965y_firmwareceleron_g3930celeron_g1610tcore_i5-10400_firmwarecore_i5-12600kf_firmwarecore_i9-12900teceleron_g1840_firmwarexeon_w-2255_firmwarecore_i5-10500hcore_i7-10700kcore_i7-10700ecore_i9-10900tcore_i9-10900f_firmwarecore_i9-12950hxxeon_w-1370_firmwareceleron_b810_firmwarecore_i5-11500hpentium_gold_g6505_firmwareceleron_j4125xeon_w-1350p_firmwarecore_i5-11600_firmwarecore_i5-10400f_firmwareceleron_3865uxeon_w-3223core_i9-11900h_firmwarepentium_gold_8505celeron_1019y_firmwarecore_i3-12300celeron_g5905_firmwareceleron_n2840celeron_725c_firmwarecore_i5-1035g1celeron_797_firmwarecore_i5-12500_firmwarecore_i7-11850h_firmwarepentium_gold_g6505t_firmwareceleron_g540tcore_i7-10510yceleron_n4020cceleron_j6413_firmwarecore_i5-11320h_firmwarexeon_w-2295celeron_6305e_firmwarecore_i3-12100e_firmwarecore_i7-1068ng7_firmwareceleron_b810exeon_w-2225core_i5-11600t_firmwarecore_i3-10100fcore_i7-10750h_firmwareceleron_b720_firmwarecore_i5-1035g7core_i7-10870hcore_i5-11500hecore_i3-12300he_firmwarecore_i7-11700t_firmwarecore_i7-1185g7core_i9-11900f_firmwarecore_i9-12900hpentium_gold_g6605celeron_n4120core_i5-10500_firmwareceleron_n6211_firmwareceleron_807_firmwareceleron_j4105_firmwarecore_i9-11900kceleron_847e_firmwarecore_i5-12450hxceleron_n4100core_i9-10900kceleron_b720core_i7-10700t_firmwarepentium_gold_6405u_firmwarecore_i9-10900fcore_i9-12900core_i5-10500exeon_w-2265core_i7-1270pecore_i9-12900ks_firmwarecore_i7-11700celeron_g550t_firmwareceleron_g440celeron_g4900tcore_i5-10200h_firmwareceleron_g3930_firmwarecore_i5-11600k_firmwareceleron_j1900core_i5-10500pentium_gold_8500_firmwarecore_i9-12900hxceleron_g1820tcore_i9-11950h_firmwarecore_i5-10210y_firmwarepentium_silver_n6005_firmwarepentium_gold_4415ypentium_gold_g6405xeon_w-3275m_firmwareceleron_n2806_firmwareceleron_g1820core_i5-1245ue_firmwarepentium_gold_g6400_firmwarecore_i5-10600t_firmwareceleron_j1850_firmwarecore_i9-12950hx_firmwareceleron_4305ue_firmwarecore_i3-1115gre_firmwareceleron_n5105celeron_g5920_firmwareceleron_5305u_firmwarecore_i5-12400tceleron_g460core_i7-10610uceleron_b815_firmwarecore_i9-12900te_firmwarepentium_gold_g5420tcore_i3-1005g1_firmwareceleron_n3350xeon_w-3245m_firmwarexeon_w-3345core_i9-10900k_firmwarepentium_gold_g7400_firmwarecore_i9-10900_firmwareceleron_g470_firmwareceleron_j3060core_i3-1125g4celeron_g5905core_i7-11700kf_firmwarepentium_gold_g7400core_i9-12900tcore_i5-11500t_firmwarexeon_w-3365core_i7-1280pcore_i3-10105f_firmwarepentium_gold_g6505xeon_w-2265_firmwareceleron_6305xeon_w-1350pceleron_2957u_firmwareceleron_j4005_firmwareceleron_725cceleron_887pentium_gold_g6505txeon_w-1390tceleron_6305ecore_i5-12600tcore_i9-10900t_firmwarexeon_w-3323_firmwareceleron_1005mcore_i7-12700teceleron_j3160core_i5-10600kcore_i5-11260hceleron_5305ucore_i5-1245ulcore_i5-12500teceleron_887_firmwareceleron_n4500core_i5-12600hxceleron_g1630_firmwarecore_i3-1005g1core_i5-1250peceleron_j4025_firmwareceleron_n2820_firmwarecore_i7-1250ucore_i5-11600core_i7-1265u_firmwarecore_i9-10885h_firmwareceleron_867core_i5-1240pxeon_w-1290txeon_w-1370celeron_1000m_firmwarepentium_gold_g5500core_i3-1110g4_firmwareceleron_n2940_firmwareceleron_g3920core_i7-1255u_firmwarepentium_gold_6405uceleron_g1820_firmwarecore_i5-11400h_firmwareceleron_g530_firmwarecore_i5-1235ul_firmwareceleron_g4950_firmwareceleron_g1850_firmwareceleron_g4930xeon_w-2275celeron_b820_firmwareceleron_807uecore_i9-12900t_firmwarecore_i5-10200hceleron_n3060_firmwarexeon_w-3275_firmwarexeon_w-3235xeon_w-3245_firmwareceleron_6600hecore_i5-1240p_firmwarecore_i5-10210ucore_i7-11700tcore_i3-12300tcore_i3-10100e_firmwareceleron_j3355e_firmwarecore_i3-1215ulceleron_g3902e_firmwarecore_i3-1000g1_firmwareceleron_b820core_i3-12300hlcore_i7-12850hxcore_i5-12400fceleron_g4950celeron_7300_firmwarecore_i3-1210u_firmwarecore_i9-12900kcore_i3-1220pecore_i9-12900hk_firmwareceleron_n5095pentium_gold_g6600celeron_j3160_firmwarepentium_gold_g5500t_firmwarecore_i5-11400f_firmwarecore_i5-10210ycore_i9-10885hxeon_w-2245celeron_847ecore_i3-10305t_firmwareceleron_g550core_i5-11500_firmwareceleron_1020ecore_i9-11900hceleron_j1750celeron_g540_firmwarecore_i5-1030g7core_i7-10875h_firmwarecore_i5-11600tcore_i5-1240ucore_i7-10700k_firmwareceleron_g3920tceleron_g6900_firmwarecore_i3-10305tpentium_gold_g6400celeron_1007ucore_i7-1260pcore_i3-10325_firmwarexeon_w-1270pceleron_7305celeron_j1850pentium_gold_5405u_firmwarecore_i5-10600k_firmwarecore_i3-12300hepentium_gold_4417ucore_i3-10100epentium_gold_6500yceleron_4305u_firmwarecore_i7-11700fcore_i5-10600_firmwarecore_i7-12700te_firmwareceleron_g1610pentium_gold_4410ycore_i5-10400h_firmwareceleron_3755uceleron_787_firmwarecore_i7-10610u_firmwareceleron_n3010celeron_827e_firmwarepentium_gold_4415uceleron_j3355_firmwarecore_i7-1260p_firmwarecore_i7-1265ue_firmwarecore_i3-1220pcore_i3-12100te_firmwareceleron_857core_i5-1030g4celeron_1047uecore_i5-12600hx_firmwarecore_i7-12700hlxeon_w-1290_firmwarecore_i7-1180g7celeron_n5095_firmwarecore_i7-1260u_firmwareceleron_n4505_firmwareceleron_n5105_firmwareceleron_3965ucore_i7-10850hpentium_gold_g5600core_i7-12650hx_firmwarecore_i5-11600kfpentium_gold_g6400t_firmwareceleron_g3930e_firmwarepentium_gold_g6400tcore_i3-1000g4core_i7-1270pe_firmwarecore_i5-1245uceleron_2980uceleron_2981u_firmwareceleron_g4930tcore_i5-12450hx_firmwareceleron_n4020core_i7-12650hxcore_i9-11900tceleron_1020m_firmwarecore_i3-1120g4celeron_j3455ecore_i5-12500te_firmwarecore_i5-10505core_i5-1035g1_firmwarexeon_w-1250pcore_i9-12900fcore_i5-12400_firmwareceleron_3965u_firmwareceleron_g1820t_firmwarecore_i7-12800he_firmwarecore_i5-1038ng7core_i7-10810u_firmwarecore_i9-12900f_firmwarexeon_w-3225core_i9-12900hx_firmwarecore_i5-1145greceleron_3867u_firmwarexeon_w-3265_firmwarexeon_w-3245celeron_n3350_firmwarecore_i5-12500h_firmwareceleron_n4505core_i3-12100_firmwarecore_i5-1145gre_firmwarecore_i3-10100f_firmwareceleron_n2810celeron_n4100_firmwareceleron_g1620t_firmwareceleron_1037ucore_i9-10850k_firmwarecore_i7-12700k_firmwareceleron_g5900tceleron_877_firmwarecore_i5-1155g7celeron_g3940_firmwarecore_i5-10500e_firmwarecore_i5-11400fceleron_n4120_firmwarecore_i7-12700f_firmwareceleron_2955u_firmwareceleron_g1840t_firmwareceleron_g6900tcore_i3-12100f_firmwarecore_i7-10700tecore_i5-11400core_i7-10510u_firmwareceleron_n2830_firmwareceleron_927ue_firmwarecore_i7-11700f_firmwareceleron_g5900core_i5-12500t_firmwarecore_i7-11850hecore_i7-1060g7_firmwarecore_i5-10210u_firmwareceleron_1037u_firmwarepentium_gold_7505pentium_gold_g5400core_i3-10105celeron_j3355core_i7-10850h_firmwarecore_i3-10110ucore_i7-11700kceleron_n2808celeron_g3900tecore_i5-1235u_firmwarecore_i5-10600celeron_g1820te_firmwarecore_i5-12500e_firmwarecore_i5-11260h_firmwareceleron_n3160core_i5-10400fcore_i5-1250p_firmwareceleron_1000mceleron_g1620_firmwareceleron_j3455core_i3-10100yceleron_g4920_firmwarecore_i5-12600kxeon_w-1370p_firmwarecore_i3-1110g4core_i5-1135g7pentium_gold_g6500_firmwarecore_i3-1000g1core_i5-1130g7_firmwarecore_i7-10700celeron_b840core_i3-1000g4_firmwareceleron_787core_i9-10980hkxeon_w-3265mcore_i3-10100te_firmwarexeon_w-3223_firmwareceleron_4205u_firmwarecore_i9-11900k_firmwareceleron_b710_firmwarecore_i3-12100fcore_i3-1215ul_firmwareceleron_n3520core_i7-12800hlceleron_3867uceleron_b810celeron_g4932e_firmwarepentium_gold_g5400tceleron_n2815_firmwarecore_i3-1115greceleron_g4930ecore_i7-1265uexeon_w-3265m_firmwareceleron_3765uceleron_n3010_firmwareceleron_n2805core_i7-10510y_firmwarecore_i5-11400_firmwarecore_i9-11950hceleron_g530pentium_gold_g5420celeron_j1800_firmwarexeon_w-3245mceleron_n2806celeron_g5905tceleron_n2920_firmwarecore_i7-12700kfpentium_gold_g5500_firmwarexeon_w-1250_firmwarexeon_w-3335pentium_silver_n6000_firmwarepentium_gold_g6500txeon_w-1270xeon_w-1390p_firmwarecore_i7-1185g7_firmwarecore_i5-10500t_firmwarepentium_gold_8500core_i7-12700h_firmwareceleron_g5900t_firmwarecore_i5-10310uceleron_3855u_firmwareceleron_n2910_firmwarecore_i5-12600h_firmwarecore_i5-12600he_firmwareceleron_n4500_firmwarecore_i5-1140g7core_i9-10900e_firmwarecore_i9-11980hkceleron_j1900_firmwareceleron_j1750_firmwarecore_i7-12700hl_firmwarecore_i3-10325celeron_n2930core_i7-12700kcore_i3-1215ue_firmwareceleron_927uecore_i7-1270pcore_i9-12900_firmwarepentium_silver_n6000xeon_w-1250p_firmwareceleron_n3350eceleron_g540t_firmwareceleron_n3050celeron_n2815celeron_g4932ecore_i7-1060g7xeon_w-1390pcore_i5-10600kfcore_i3-12300hl_firmwareceleron_b830core_i7-1165g7_firmwareceleron_b840_firmwarecore_i3-10305_firmwareceleron_n3060core_i9-11980hk_firmwarepentium_gold_5405uceleron_g3950_firmwarecore_i7-1185gre_firmwarecore_i3-10305core_i5-10310y_firmwarecore_i7-12700t_firmwarecore_i9-12900e_firmwareceleron_1005m_firmwareceleron_g1850core_i7-1195g7_firmwarecore_i5-10400celeron_1047ue_firmwarecore_i7-1255ulcore_i7-12800hxcore_i7-12700e_firmwarecore_i7-1065g7core_i7-1185greceleron_g1840celeron_j3355eceleron_g1620celeron_2970m_firmwareceleron_n2807_firmwareIntel(R) Processors
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-59610
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.01% / 1.95%
||
7 Day CHG~0.00%
Published-01 Jun, 2026 | 22:05
Updated-02 Jun, 2026 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_660_mobile_platform_firmwareqcn9011_firmwaresm4850_firmwareqcn9011wcn3615_firmwaremolokaiqcs8550monaco_iot_firmwareqxm1094wcn7881wsa8840_firmwaresm8635p_firmwaresm6450p_firmwareqca8695au_firmwaresdr753lemansau_firmwaresd_8_gen1_5gsm7325p_firmwareqcm5430qca6391sw5100wcn6450snapdragon_662_mobile_platform_firmwarewcn7760_firmwarewcd9370snapdragon_7_gen_1_mobile_platform_firmwareqca6574aqca6698au_firmwaresnapdragon_g1_gen_2_gaming_platform_firmwaresm8750p_firmwarevideo_collaboration_vc1_platform_firmwareqxm1094_firmwaresa8145pvideo_collaboration_vc3_platform_firmwaresnapdragon_auto_4g_modem_firmwareqam8397p_firmwareqamsrv1hwcd9395_firmwarefastconnect_6900snapdragon_888_5g_mobile_platform_firmwaresnapdragon_8_gen_3_mobile_platform_firmwareqca6688aqsnapdragon_695_5g_mobile_platformnetrani_firmwaresnapdragon_690_5g_mobile_platformwcn7860csrb31024_firmwaresm8735p_firmwarewcn7861_firmwareqca6391_firmwaresar1165p_firmwaresm7525_firmwaresm7550wsa8832_firmwarewsa8845qca6688aq_firmwarewcd9341_firmwaresm6450pmonaco_iotwcn3660b_firmwaresa6155psxr2250pqca6678aq_firmwareqcm5430_firmwaresnapdragon_690_5g_mobile_platform_firmwaresm6475qwcn7860_firmwaresnapdragon_429_mobile_platformqxm1095wsa8840qam8797pwcn6650_firmwareqln1083bdsnapdragon_870_5g_mobile_platform_firmwarewcn3990_firmwaresw5100pqca8695aug1_gen_1sdm429wqcs4290_firmwaresnapdragon_auto_5g_modem-rfqamsrv1m_firmwaresnapdragon_865_5g_mobile_platformxrv7209qcm4325_firmwaresnapdragon_480_5g_mobile_platformvideo_collaboration_vc5_platform_firmwaresa8255pwcd9370_firmwaresm8550psd865_5gqamsrv1mwcn3980snapdragon_8_elite_gen_5iq-615_firmwarewcd9378qpa1083bdsnapdragon_7s_gen_3_mobile_platformwcn6755_firmwaresnapdragon_7\+_gen_2_mobile_platformwcn7881_firmwaresar2130p_firmwarewcn7880sm6850_firmwarewsa8830wsa8855cqrb5165mwcd9335_firmwareqcs2290_firmwareqam8295p_firmwaresm6475q_firmwaresnapdragon_auto_4g_modemsm8750pqmb715_firmwaresrv1hwcn3620qmb415_firmwaresnapdragon_4_gen_1_mobile_platform_firmwaresnapdragon_6_gen_4_mobile_platformqxm1096_firmwaresnapdragon_680_4g_mobile_platformwcd9385snapdragon_x53_5g_modem-rf_systemwcn3620_firmwaresnapdragon_460_mobile_platformsm8845p_firmwaresnapdragon_8\+_gen_1_mobile_platformsnapdragon_7s_gen_3_mobile_platform_firmwaresnapdragon_460_mobile_platform_firmwareqca6574a_firmwaresa7255p_firmwareqamsrv1h_firmwaresm8475p_firmwaresm8475pqln1083bd_firmwaresnapdragon_782g_mobile_platformwcn3910lemans_au_lgitqcs4490_firmwaresm7550_firmwaresm7550p_firmwarecq8725s_firmwaresnapdragon_778g_5g_mobile_platform_firmwaresnapdragon_8_gen_1_mobile_platform_firmwareqca6698aq_firmwaresa8620psm6225psa6150p_firmwaresnapdragon_8\+_gen_1_mobile_platform_firmwaresw5100_firmwarefsm100_platformwcn7760snapdragon_wear_elite_platform_firmwareorneiq-8275_firmwaresnapdragon_6_gen_1_mobile_platformqxm1083_firmwareqcs4490sa6155_firmwarelemansauqmp1000sa4150psa8155qcn9012snapdragon_865\+_5g_mobile_platformg3x_gen_2_firmwaresnapdragon_778g_5g_mobile_platformsnapdragon_8_elite_firmwarerobotics_rb5_platformsa6150psdr753_firmwaresnapdragon_888_5g_mobile_platformsa8195pqca6797aq_firmwaresnapdragon_480\+_5g_mobile_platform_firmwaresnapdragon_7\+_gen_2_mobile_platform_firmwarevision_intelligence_400_platform_firmwarewcn3615iq-9075_firmwaresxr2330p_firmwaresa8295p_firmwaresa8145p_firmwareflight_rb5_5g_platformwcd9371_firmwarewcd9326_firmwareqca6595aufastconnect_6200_firmwarecsra6620_firmwaresnapdragon_685_4g_mobile_platformsm8845pc-v2x_9150qmp1000_firmwareqpa1086bd_firmware5g_fixed_wireless_access_platformqxm1086_firmwaresm8550p_firmwarecsra6640qmb715wcd9390snapdragon_660_mobile_platformsa8150pfastconnect_7800sm7325psnapdragon_429_mobile_platform_firmwarewcd9371qcm4490_firmwaresa4155p_firmwarewsa8850themistowsa8835_firmwaresm8635pwcd9341sa8195p_firmwareqln1086bdg1_gen_1_firmwaresnapdragon_695_5g_mobile_platform_firmwarekalpeniqca6595sm6475p_firmwareg2_gen_1_firmwarewcd9385_firmwareqcs6690robotics_rb2_platform_firmwaresnapdragon_x53_5g_modem-rf_system_firmwaresm7675wsa8850w_firmwarewsa88355g_fixed_wireless_access_platform_firmwareqca6595au_firmwareqam8295pqcm4325wcn3910_firmwaresnapdragon_ar1_gen_1_platformsm6475psm8635_firmwareqxm1095_firmwaresnapdragon_8_gen_3_mobile_platformsd662wcn6650sa8255p_firmwaremilos_firmwaresda660_firmwaresnapdragon_8_eliteqcs6690_firmwarewcd9380wcd9375_firmwaresa6145p_firmwaresa4155psxr2330plemans_au_lgit_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarenetranisa6145pqxm1086xrv9209fastconnect_6700pandeiro_firmwaremilos_iot_firmwareqcm6490wcn3950sa9000pqcm2290sm6650pwcn7861snapdragon_8_elite_gen_5_firmwarequalcomm_215_mobile_platform_firmwarewcn6755snapdragon_870_5g_mobile_platformsnapdragon_8\+_gen_2_mobile_platformfastconnect_6200fastconnect_6700_firmwaresm7675psnapdragon_6_gen_4_mobile_platform_firmwaresa8770pwcn7880_firmwareqln1086bd_firmwaresnapdragon_ar1\+_gen_1_platform_firmwaresnapdragon_6_gen_3_mobile_platformsnapdragon_x55_5g_modem-rf_system_firmwareg2_gen_1sm7635p_firmwarevideo_collaboration_vc1_platformsc8380xpsd662_firmwarewcd9390_firmwaresnapdragon_778g\+_5g_mobile_platformwsa8845_firmwarecq8725sqca6574_firmwaresnapdragon_xr2_5g_platformsm8635snapdragon_865_5g_mobile_platform_firmwaresnapdragon_x55_5g_modem-rf_systemsd865_5g_firmwaresnapdragon_480\+_5g_mobile_platformqxm1093_firmwaresm6850g3x_gen_2wcd9360_firmwaresnapdragon_778g\+_5g_mobile_platform_firmwaresrv1m_firmwareqca6698aqwcn3990snapdragon_7_gen_4_mobile_platformwcd9335xrv7209_firmwaresm7635pqcm8838_firmwareqmb415pandeirosnapdragon_888\+_5g_mobile_platform_firmwaresa8150p_firmwareflight_rb5_5g_platform_firmwareqcn9012_firmwarewsa8845h_firmwareqcm8838robotics_rb2_platformcsra6640_firmwaresm6650p_firmwareqcm4490qca6595_firmwareqmp2001palawan25csra6620qcs8550_firmwaresnapdragon_8_gen_2_mobile_platform_firmwaresm7435_firmwarewsa8850wqcm6490_firmwareqca6574snapdragon_ar1\+_gen_1_platformqca6696_firmwarekalpeni_firmwarecq7790sa2150p_firmwareqcs2290qca6696sw5100p_firmwaresnapdragon_8_gen_1_mobile_platformwcn3660bwcd9326wcn3950_firmwaresrv1h_firmwaresnapdragon_xr2_5g_platform_firmwaresa8620p_firmwarewcn6450_firmwareqcs4290srv1msnapdragon_7_gen_1_mobile_platformsxr2250p_firmwaresnapdragon_7c\+_gen_3_computeiq-615sa7775p_firmwareqcm2290_firmwarevision_intelligence_400_platformsnapdragon_4_gen_1_mobile_platformsm7435pwcn3980_firmwarewcn3988robotics_rb5_platform_firmwarewcn3988_firmwareqca6564au_firmwaresxr2230psm6225p_firmwarefastconnect_6800_firmwarewcd9380_firmwaresnapdragon_6_gen_3_mobile_platform_firmwareqmp2001_firmwaresa7255psm8650q_firmwarewcd9360wcd9378_firmwareqrb5165nc-v2x_9150_firmwaresnapdragon_6_gen_1_mobile_platform_firmwaresa6155sc8380xp_firmwaresnapdragon_685_4g_mobile_platform_firmwareqca6574au_firmwaresar2130psa9000p_firmwaresm7675_firmwarewcn3680bsnapdragon_7_gen_4_mobile_platform_firmwaresm4850pqca6564ausd_8_gen1_5g_firmwarevideo_collaboration_vc3_platformsa7775pqca6797aqsm8735pthemisto_firmwaresnapdragon_xr2\+_gen_1_platformsnapdragon_865\+_5g_mobile_platform_firmwaresnapdragon_7c\+_gen_3_compute_firmwareqca6678aqiq-9075snapdragon_4_gen_2_mobile_platformsm7525wsa8815_firmwareqca6698ausxr2230p_firmwaresnapdragon_g1_gen_2_gaming_platformpalawan25_firmwaresa6155p_firmwaresa8770p_firmwareqam8255p_firmwareiq-8275sm7435wsa8832wsa8830_firmwaresnapdragon_888\+_5g_mobile_platformsnapdragon_8\+_gen_2_mobile_platform_firmwaresa4150p_firmwaresar1165porne_firmwaresnapdragon_auto_5g_modem-rf_firmwaresnapdragon_wear_elite_platformxrv9209_firmwaresxr2350psda660sm4850p_firmwareqam8797p_firmwareqam8397pwcd9375snapdragon_680_4g_mobile_platform_firmwarequalcomm_215_mobile_platformsdm429w_firmwaresm7550psa8155p_firmwaresnapdragon_ar1_gen_1_platform_firmwareqxm1083qpa1083bd_firmwarecq7790_firmwaresxr2350p_firmwaresnapdragon_662_mobile_platformmolokai_firmwaresnapdragon_782g_mobile_platform_firmwarewsa8810_firmwaresm7435p_firmwaremilos_iotqca6574ausa2150pfastconnect_7800_firmwaresa8155pvideo_collaboration_vc5_platformfastconnect_6900_firmwaresnapdragon_480_5g_mobile_platform_firmwareqrb5165n_firmwarewsa8810sa8155_firmwareqam8255pqrb5165m_firmwarefastconnect_6800wcd9395wsa8845hcsrb31024wcn3680b_firmwareqpa1086bdsm4850sm7675p_firmwarewsa8815qxm1096sa8295pmiloswsa8855c_firmwarewsa8850_firmwaresnapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_8_gen_2_mobile_platformfsm100_platform_firmwaresm8650qqxm1093Snapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-33906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022048

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-33986
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.04% / 12.02%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack. DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367 CWE-367 Report at: https://www.insyde.com/security-pledge/SA-2022056

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-32267
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 26.09%
||
7 Day CHG+0.05%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-9939
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 6.94%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:06
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to load unsigned kernel extensions.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8332
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 10.62%
||
7 Day CHG~0.00%
Published-14 Oct, 2020 | 21:25
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in some legacy Lenovo and IBM System x servers may allow arbitrary code execution. Servers operating in UEFI mode are not affected.

Action-Not Available
Vendor-IBM CorporationLenovo Group Limited
Product-system_x3530_m4_firmwarebladecenter_hs23e_firmwarebladecenter_hs23esystem_x3630_m4_firmwaresystem_x3630_m4flex_system_x220nextscale_nx360_m4_firmwaresystem_x3650_m4_firmwarenextscale_nx360_m4idataplex_dx360_m4_firmwaresystem_x3650_m4_hd_firmwarebladecenter_hs23system_x3300_m4system_x3650_m4_hdflex_system_x440_firmwaresystem_x3750_m4_firmwaresystem_x3550_m4system_x3650_m4_bd_firmwarecompute_node-x440_firmwareidataplex_dx360_m4flex_system_x220_firmwaresystem_x3650_m4_bdbladecenter_hs23_firmwaresystem_x3750_m4system_x3550_m4_firmwaresystem_x3500_m4_firmwaresystem_x3300_m4_firmwaresystem_x3500_m4system_x3530_m4idataplex_dx360_m4_water_cooledflex_system_x240_firmwareflex_system_x240system_x3650_m4compute_node-x440idataplex_dx360_m4_water_cooled_firmwareflex_system_x440System x
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-8354
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.03% / 9.92%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 17:35
Updated-04 Aug, 2024 | 09:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-notebook_firmwarenotebookBIOS
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-47332
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.88%
||
7 Day CHG-0.01%
Published-06 Jan, 2026 | 22:48
Updated-28 Jan, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory corruption while processing a config call from userspace.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sm6650psnapdragon_8\+_gen_1_mobile_platform_firmwareqca6797aq_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewsa8832wcd9390wcn7860_firmwarefastconnect_6900_firmwareqmp1000ssg2115pwcn3950wcd9385sxr1230p_firmwarewsa8835_firmwarewsa8845sm8550p_firmwarewcn7750_firmwarewcd9378_firmwarewcd9378sm8735_firmwaresm6650sxr2350psnapdragon_4_gen_2_mobile_platformsnapdragon_7_gen_1_mobile_platform_firmwarewsa8845h_firmwareqcm4490_firmwaresnapdragon_7_gen_1_mobile_platformsm8635p_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"sxr2330pwcd9380_firmwaressg2115p_firmwaresnapdragon_ar1_gen_1_platform_firmwaresm7675p_firmwaresg8275_firmwaresm7675_firmwarewcn6740snapdragon_ar2_gen_1_platform_firmwarewcn6740_firmwarewcd9395wsa8832_firmwaresnapdragon_8\+_gen_2_mobile_platformqcs4490_firmwarewcd9375_firmwaresm8750p_firmwarewcd9390_firmwarefastconnect_6200_firmwaresnapdragon_8_gen_2_mobile_platformsxr1230psm7435fastconnect_7800sm7675wsa8810_firmwaresm8475p_firmwaresxr2250p_firmwaresg8275p_firmwarewcd9370_firmwarewcn7861sm7675psm8750pqmp1000_firmwarefastconnect_7800_firmwareqca6698au_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresm6650_firmwaresxr2230pwcn7860snapdragon_6_gen_1_mobile_platformwcd9380sm7635ssg2125p_firmwaresnapdragon_8_gen_3_mobile_platformwcd9395_firmwaresm8550psnapdragon_8\+_gen_1_mobile_platformfastconnect_6200sm7550p_firmwarewcn7880snapdragon_8_gen_2_mobile_platform_firmwaresg8275pwcd9370wsa8830_firmwarewcn3988sm7550psm7635_firmwarewcn7750wsa8815_firmwarewsa8830qcs8550_firmwaresxr2330p_firmwarewcd9371_firmwaresm8475psnapdragon_ar1_gen_1_platformwsa8845hqca6698auwcn6650_firmwaressg2125psm7550snapdragon_7\+_gen_2_mobile_platformsm7635p_firmwarewcn7881qcm4490wcd9385_firmwarewcn6650wcn7881_firmwareqcs4490wcn6755_firmwarewcn6755qcm8550fastconnect_6700wsa8815qca6797aqfastconnect_6700_firmwaresm8635_firmwaresg8275snapdragon_8_gen_3_mobile_platform_firmwaresm8635pwcn7861_firmwaresnapdragon_6_gen_1_mobile_platform_firmwaresm7550_firmwareqcm8550_firmwaresm6650p_firmwaresxr2230p_firmwaresnapdragon_8\+_gen_2_mobile_platform_firmwaresxr2350p_firmwarewsa8835qcs8550sxr2250pwcd9375sm8635sm7635pwcn3950_firmwarewsa8840wsa8840_firmwaresnapdragon_7\+_gen_2_mobile_platform_firmwaresm8750_firmwarewsa8845_firmwarefastconnect_6900sm7435_firmwaresm8750wcn7880_firmwarewcn3988_firmwaresm8650qsnapdragon_ar2_gen_1_platformsm8735wsa8810wcd9371sm8650q_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-47344
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.88%
||
7 Day CHG-0.01%
Published-06 Jan, 2026 | 22:48
Updated-27 Jan, 2026 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory corruption while handling sensor utility operations.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-snapdragon_695_5g_mobile_platform_firmwaresm8735_firmwarewcd9375_firmwareqcm5430wcn3988_firmwaresm8650q_firmwareqca6595au_firmwaresnapdragon_8_gen_3_mobile_platformwcd9375qca6574wcn7860_firmwaresnapdragon_4_gen_2_mobile_platform_firmwarewcn7861qcs4490_firmwareqca6574au_firmwaresm7635psm8635p_firmwaresm6650_firmwarewcn7880qcs4490sa6155p_firmwarewsa8845_firmwarevideo_collaboration_vc3_platform_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"_firmwaresm8635psnapdragon_8_gen_3_mobile_platform_firmwaresxr2250p_firmwarewcn7750sm8635_firmwareqcs8550_firmwaresnapdragon_680_4g_mobile_platformqca6574awcd9395_firmwarewcn7881_firmwaresm8750sm4635_firmwaresa8195p_firmwarewsa8810_firmwaresnapdragon_480_5g_mobile_platformqca6595auqca6696_firmwarerobotics_rb2_platform_firmwaresa8155p_firmwaresm6650psm8750p_firmwaresnapdragon_ar1_gen_1_platform_firmwarewcn7860qcs5430sxr2330pqcs9100qca6698aq_firmwarewsa8835_firmwaresnapdragon_685_4g_mobile_platform_\(sm6225-ad\)snapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)qcm5430_firmwarewcn7881qcs9100_firmwaresm6650p_firmwaresxr2330p_firmwarefastconnect_6200_firmwarecsra6640wcd9335qca6574_firmwarewsa8810qca6574auqcm4490wcn6755_firmwareqca6574a_firmwarecsra6620wsa8845hqcm4490_firmwaresm7635_firmwarewcn3950_firmwarewcn7750_firmwarewcn3950sm6650sm7635p_firmwaresxr2250pfastconnect_6700_firmwarefastconnect_6900_firmwaresxr2230p_firmwarewcn6740_firmwarewcn6650qcm6490_firmwarefastconnect_6200sm8735sxr2350probotics_rb2_platformwcn6650_firmwaresm7635sm8635snapdragon_680_4g_mobile_platform_firmwaresnapdragon_695_5g_mobile_platformqcs8550snapdragon_4_gen_2_mobile_platformfastconnect_6900sa8155psm8750pwcn6740wsa8832sm7675_firmwarewcd9370wcn6755wcd9390fastconnect_7800snapdragon_480_5g_mobile_platform_firmwarewsa8832_firmwareqca6698aqwsa8840sm8750_firmwaresa6155psnapdragon_4_gen_1_mobile_platformwsa8830sm7675pqmp1000wcd9385snapdragon_685_4g_mobile_platform_\(sm6225-ad\)_firmwareqcs5430_firmwaresnapdragon_ar2_gen_1_platform_firmwaresnapdragon_ar2_gen_1_platformfastconnect_7800_firmwareqcs6490snapdragon_ar1_gen_1_platformsnapdragon_662_mobile_platformwcd9335_firmwarewsa8830_firmwareqmp1000_firmwaresnapdragon_4_gen_1_mobile_platform_firmwarewsa8840_firmwarewsa8815_firmwarewsa8835wcn7880_firmwarewcd9385_firmwaresxr2230pqca6696wcd9380_firmwarecsra6620_firmwarewcn3988video_collaboration_vc3_platformsm7675qcm6490sm7675p_firmwareqcs6490_firmwarewsa8815wcd9378_firmwareqcs615_firmwarewcd9370_firmwaresa8195pwsa8845wsa8845h_firmwaresnapdragon_ar1_gen_1_platform_\"luna1\"qcs615sm4635wcd9378wcd9395sxr2350p_firmwarewcd9380snapdragon_662_mobile_platform_firmwaresnapdragon_480\+_5g_mobile_platform_\(sm4350-ac\)_firmwarefastconnect_6700wcd9390_firmwarewcn7861_firmwaresm8650qcsra6640_firmwareSnapdragon
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2022-31243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Update description and links DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack.. "DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in Kernel 5.2: 05.27.21. Kernel 5.3: 05.36.21. Kernel 5.4: 05.44.21. Kernel 5.5: 05.52.21 https://www.insyde.com/security-pledge/SA-2022044

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-kerneln/a
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2020-27014
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 23:45
Updated-04 Aug, 2024 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash.\n\n\r\nAn attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-antivirusTrend Micro Antivirus for Mac (Consumer)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
  • Previous
  • 1
  • 2
  • Next
Details not found