6 matches found
CVE-2025-4423
CVE-2025-4423 is linked to Lenovo devices running InsydeH2O firmware. Connected documents describe a vulnerability in the InsydeH2O/SMM subsystem that allows a local attacker with privileges to write arbitrary code and trigger memory corruption (buffer flaw), enabling a local privilege escalation...
CVE-2025-4422 EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4421 EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4421
CVE-2025-4421 involves SMM memory corruption in the InsydeH2O firmware, linked to Lenovo-related firmware code. The root cause is a vulnerability in the SMM module involving gEfiSmmCpuProtocol/EfiSmiServices that can corrupt SMM memory. Connected docs describe insecure firmware leading to unautho...
Lenovo SMM/SMM2/FPC 安全漏洞
Lenovo SMM/SMM2/FPC is an application from Lenovo China. A security vulnerability exists in Lenovo SMM/SMM2/FPC that stems from a command injection vulnerability. An attacker can use this vulnerability to execute unauthorized commands via IPMI...
Lenovo SMM/SMM2/FPC 安全漏洞
Lenovo SMM/SMM2/FPC is an application from Lenovo China. A security vulnerability exists in Lenovo SMM/SMM2/FPC that stems from an authentication bypass vulnerability. The vulnerability can be exploited by an attacker to invoke certain IPMI, which could lead to information disclosure...