Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.7 views

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

7.2CVSS7AI score0.00253EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-35803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when th...

5.5CVSS6.2AI score0.00222EPSS
Exploits0References4
CVE
CVE
added 2025/02/11 8:18 p.m.51 views

CVE-2024-21924

The CVE-2024-21924 entry concerns an SMM callout vulnerability in AMD’s AmdPlatformRasSspSmm driver that could allow a ring-0 attacker to modify boot-services handlers and potentially achieve arbitrary code execution. Documents detail that the vulnerability affects AMD SMM components in multiple ...

8.2CVSS8.3AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/11 8:18 p.m.7 views

CVE-2024-21924

SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution...

8.2CVSS8.3AI score0.00203EPSS
Exploits0References1
NVD
NVD
added 2024/05/21 3:15 p.m.20 views

CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...

6.2CVSS6.2AI score0.00237EPSS
Exploits0References3
OSV
OSV
added 2024/05/21 3:15 p.m.1 views

DEBIAN-CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices, efimemreserve is use...

6.2CVSS5.5AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/05/18 12:9 a.m.43 views

CVE-2024-35803

A security vulnerability was identified in the Linux kernel's EFI Extensible Firmware Interface stub, specifically affecting systems operating in mixed-mode environments. The issue arises from the EFI stub's handling of boot services, which can lead to stack overflows and potential system...

5.5CVSS8.9AI score0.00222EPSS
Exploits0References4
NVD
NVD
added 2024/05/17 2:15 p.m.38 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5CVSS7.4AI score0.00222EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/05/17 2:15 p.m.35 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5CVSS5.8AI score0.00222EPSS
Exploits0References12
Cvelist
Cvelist
added 2024/05/17 1:23 p.m.38 views

CVE-2024-35803 x86/efistub: Call mixed mode boot services on the firmware's stack

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

7.4AI score0.00222EPSS
Exploits0References5
CVE
CVE
added 2024/05/17 1:23 p.m.98 views

CVE-2024-35803

CVE-2024-35803 affects the Linux kernel, specifically the x86 efistub in mixed-mode boot handling. The root cause is that EFI boot service calls were made using the decompressor’s 16k boot stack during 32‑bit firmware entry paths, while EFI boot services require a larger (128k) stack. This mismat...

5.5CVSS6.7AI score0.00222EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/17 1:23 p.m.28 views

CVE-2024-35803 x86/efistub: Call mixed mode boot services on the firmware's stack

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5CVSS6.1AI score0.00222EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2024/05/17 1:23 p.m.22 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5CVSS7.1AI score0.00222EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/17 12:0 a.m.9 views

PT-2024-26747

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the Linux kernel's EFI stub, which calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stac...

5.5CVSS5.5AI score0.00222EPSS
Exploits0
OSV
OSV
added 2022/09/22 4:15 p.m.4 views

CVE-2022-35408

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFIBOOTSERVICES...

8.2CVSS6.2AI score0.0034EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/09/22 12:0 a.m.4 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability in Insyde InsydeH2O versions 5.0 to 5.5, which stems from a problem...

8.2CVSS8.2AI score0.0034EPSS
Exploits1References4
OSV
OSV
added 2022/04/22 9:15 p.m.6 views

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

6.7CVSS5.9AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/22 9:15 p.m.7 views

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

7.2CVSS6.8AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2022/04/22 9:15 p.m.18 views

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

7.2CVSS0.00253EPSS
Exploits0References1
Prion
Prion
added 2022/04/22 9:15 p.m.15 views

Code injection

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

7.2CVSS6.5AI score0.00253EPSS
Exploits0References1Affected Software30
Rows per page
Query Builder