285 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-46951
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called...
Linux Distros Unpatched Vulnerability : CVE-2024-46868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefiacquire If the qcuefi pointer is not set,...
UBUNTU-CVE-2025-3770
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...
DEBIAN-CVE-2025-38315
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...
The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system is related to the allocation of unlimited memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework allows a attacker to escalate their privileges.
The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in the UEFI firmware CseVariableStorageSmm for some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...
Astra Linux – Vulnerability in Intel Microcode
Improper input validation in the XmlCli feature for UEFI firmware on some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...
CVE-2023-22662
Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some IntelR Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access...
Intel Server M50FCP和Intel Server D50DNP 输入验证错误漏洞
Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. An input validation error vulnerability exists in Intel Server M50FCP and Intel Server D50DNP, which stems from improper input validation in the UEFI firmware DXE module, which could lead to elevation of...
Intel Server M50FCP和Intel Server D50DNP 安全漏洞
Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. A security vulnerability exists in Intel Server M50FCP and Intel Server D50DNP that stems from improper initialization of the UEFI firmware, which could lead to information disclosure...
PT-2025-15273
Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface UEFI Secure Boot as well ...
UBUNTU-CVE-2025-21872
In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...
Vulnerabilities of EFI/unaccepted kernel components of the Linux operating system, allowing attackers to trigger a service failure
The vulnerability of the listdel function in efi/unaccepted kernel components of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...
AZL-58803 CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...
CVE-2024-56182
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...
Siemens SIMATIC 缓冲区错误漏洞
Siemens SIMATIC is a configuration software from Siemens Germany. A buffer error vulnerability exists in Siemens SIMATIC, which arises from an inadequate protection mechanism for EFI variables, and could allow an authenticated attacker to modify the secure boot configuration. The following produc...
microcode_ctl: Improper input validation in UEFI firmware
An improper input validation flaw was found in UEFI firmware. Some IntelR processors may allow a privileged user to enable privilege escalation via local access...