285 matches found
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004028)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004028 advisory. An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivarssdt ACPI variable could be used by...
PT-2026-27717
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue related to the freeing of EFI boot services memory. The efi free boot services function incorrectly uses memblock free late to free memory reserved wit...
New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards
Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access DMA attacks across architectures that implement a Unified Extensible Firmware Interface UEFI and...
CVE-2025-62864
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM MMCommunicate service that could result in an out-of-bounds write within the UEFI-MM Secure Partition context...
CVE-2024-38798
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...
EDK2 安全漏洞
EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from improper input validation and could lead to arbitrary command execution...
CVE-2025-2486
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based...
UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
...
CVE-2025-35968
Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...
PT-2025-46437
Name of the Vulnerable Software and Affected Versions UEFI firmware with Slim Bootloader affected versions not specified Description A flaw exists in the UEFI firmware for the Slim Bootloader that could allow for privilege escalation. A local attacker with privileged user access and high complexi...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989074)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989074 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989446)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989446 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV Some drivers require memory that is...
efi: Don't map the entire mokvar table to determine its size
...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987643)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987643 advisory. In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports 0 that his recent...
CVE-2025-33182
NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987171)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987171 advisory. In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, ...
Unity Linux 20.1070a Security Update: microcode_ctl (UTSA-2025-984678)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984678 advisory. Improper input validation in UEFI firmware for some IntelR processors may allow a privileged user to potentially enable escalation of privilege via local access...
Unity Linux 20.1070a Security Update: microcode_ctl (UTSA-2025-984695)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984695 advisory. Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
EUVD-2025-25798
Malicious code in bioql PyPI...
EUVD-2025-27914
Malicious code in bioql PyPI...