Lucene search
K

481 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.15 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Maps EFI-reserved memory as encrypted for SEV. Some drivers require memory that is marked as EFI boot services data. To prevent this memory from being reused by the kernel after ExitBootServices, efimemreserve is use...

6.2CVSS5.8AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Calls boot services in mixed mode on the firmware’s stack Normally, the EFI stub calls into EFI boot services using the stack that was active when the stub was entered. According to the UEFI specification, this stack...

5.5CVSS6AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: fixed NULL access to tx-inuse in iceptptsirq. The E810 device supports a “low latency” firmware interface for accessing and reading Tx timestamps. This interface does not use the standard Tx timestamp logic, due to the laten...

7.8CVSS5.7AI score0.00151EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/16 1:27 a.m.24 views

SUSE CVE-2019-12380

DISPUTED An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. physefisetvirtualaddressmap in arch/x86/platform/efi/efi.c and eficallphysprolog in arch/x86/platform/efi/efi64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because...

4CVSS6.8AI score0.00487EPSS
Exploits0References14
EUVD
EUVD
added 2026/05/12 6:30 p.m.13 views

EUVD-2026-29524

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements a...

8.7CVSS5.9AI score0.00125EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 4:35 p.m.51 views

CVE-2025-35991

The CVE-2025-35991 entry describes an improper initialization in the UEFI firmware for some Intel platforms (Ring 0: Bare Metal OS) that may allow information disclosure. The issue requires a local attacker with privileged access and high attack complexity, with no user interaction, and could imp...

5.6CVSS5.7AI score0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.36 views

PT-2026-40079

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS5.7AI score0.00095EPSS
Exploits0References2
Intel
Intel
added 2026/05/12 12:0 a.m.11 views

UEFI Reference Firmware Advisory

Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35991 Description: Improper initialization in the UEFI...

5.6CVSS5.7AI score0.00095EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-40087

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements a...

8.7CVSS5.9AI score0.00125EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/07 12:0 a.m.11 views

A UEFI System with SPDM to Protect against Unauthorized Device Connections

Attackers willing to compromise computing systems can use malicious peripherals as an attack vector, threatening users that cannot verify the hardware's authenticity. To address this problem, our work uses the Security Protocol and Data Model to propose a UEFI system capable of authenticating PCI...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/06 7:56 p.m.10 views

CVE-2026-43171

A flaw was found in the Linux kernel's EFI/CPER component. This vulnerability occurs because the cperprintfwerr function does not adequately validate the length of error records against a provided offset. A malicious or malformed firmware could exploit this by providing an offset that causes an...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.48 views

CVE-2026-43266 EFI/CPER: don't go past the ARM processor CPER record buffer

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...

0.00119EPSS
Exploits0References8
NVD
NVD
added 2026/04/22 2:17 p.m.9 views

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS0.00104EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/22 2:17 p.m.9 views

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References1
OSV
OSV
added 2026/04/22 2:17 p.m.10 views

UBUNTU-CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.3AI score0.00104EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 1:45 p.m.4 views

CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/22 1:45 p.m.9 views

CVE-2026-6862

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.9AI score0.00104EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.15 views

PT-2026-46981

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.21 through 26.00 Description An off-by-one out-of-bounds read exists in the ParseDepedencyExpression function of the UEFI firmware image parser. The issue occurs because the function validates an attacker-controlled opcode byt...

7.1CVSS5.8AI score0.00225EPSS
Exploits1References31
CVE
CVE
added 2026/04/14 4:57 p.m.12 views

CVE-2026-32220

CVE-2026-32220 : Improper access control in the Windows Virtualization-Based Security (VBS) Enclave allows an authorized local attacker to bypass a security feature. Affected component: Windows VBS Enclave within the Hyper-V/OS security stack. Documented impact includes local bypass of protection...

4.4CVSS5.7AI score0.00288EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.32 views

CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability

...

6.7CVSS0.00318EPSS
Exploits0References1
Rows per page
Query Builder