485 matches found
PT-2024-11184 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue occurs when no valid fdt is found, causing initial boot params to be null. This happens when setup arch invokes efi init and then efi get fdt params. To prevent further fdt...
CVE-2021-26892
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability...
CVE-2021-26892
Technical details about CVE-2021-26892 (affected product, root cause, impact, fixes) are not provided in the connected documents; no public details are included here. Monitor for updates.
CVE-2021-26892 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
...
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
...
PT-2021-2275 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a security feature bypass vulnerability in the Windows Extensible Firmware Interface. This vulnerability allows attackers to bypass existing security restrictions...
Microsoft Windows 安全漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in the Windows Extensible Firmware Interface. The following products and editions are affected:Windows 10 Version 1607 for x64-based...
Kaspersky Security Vulnerabilities
Kaspersky module is an application component of the Russian company Kaspersky Kaspersky. It provides antivirus protection. A security vulnerability exists in Kaspersky that allows loading of untrusted UEFI modules due to their insufficient authenticity checks...
CVE-2020-16910
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface UEFI location. To exploit this vulnerability, an attacker could run a specially craft...
Security feature bypass
A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface UEFI location. To exploit this vulnerability, an attacker could run a specially craft...
PT-2020-4268 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A security feature bypass issue exists due to Windows' failure to handle file creation permissions properly, potentially allowing an attacker to create files in a protected Unified Extensib...
New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild
Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI or Unified Extensible Firmware Interface containing a malicious implant, making it the secon...
CVE-2019-1736
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface UEFI Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improp...
kernel: lockdown: bypass through ACPI write via efivar_ssdt
A flaw was found in how the ACPI table loading through the EFI variable and the related efivarssdt boot option was handled when the Linux kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...
kernel: lockdown: bypass through ACPI write via efivar_ssdt
A flaw was found in how the ACPI table loading through the EFI variable and the related efivarssdt boot option was handled when the Linux kernel was locked down. This flaw allows a root privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerabilit...
Unspecified vulnerability in Linux kernel (CNVD-2020-52434)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the drivers/firmware/efi/efi.c file in Linux kernel versions prior to 5.4. An attacker can exploit this vulnerability to bypass...
CVE-2020-5348
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...
reblog
Defeating a Laptop's BIOS Password We found a laptop laying a...
CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...
The vulnerability of UEFI (BIOS) software on HP workstations allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of UEFI BIOS software on HP workstations is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information, provided that the TPM module is disabled...