226 matches found
CVE-2022-3431
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
Lenovo Notebook Security Breach
Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that originates from allowing an attacker to modify the secure boot settings by modifying the NVRAM variable...
CVE-2023-20821
In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113...
MediaTek Chip Buffer Error Vulnerability
MediaTek chips are a variety of MediaTek chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of bounds checking in nvram, which may result in out-of-bounds writes...
PT-2023-5745 · Mediatek · Nvram
Name of the Vulnerable Software and Affected Versions: Nvram affected versions not specified Description: The issue is related to a missing bounds check in nvram, which could lead to a possible out of bounds write. This may result in local information disclosure, requiring System execution...
CVE-2023-37242
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory NVRAM, or facilitate the exploitation of other vulnerabilities...
Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. The Huawei HarmonyOS and EMUI information disclosure...
The vulnerability of the driver for configuring WMI microprogramming systems in Lenovo laptops allows a hacker to modify security loading parameters through the NVRAM variable.
The vulnerability of the WMI driver for Lenovo notebook microprogramming systems is related to errors in the use of standard permissions. Exploiting this vulnerability allows an attacker to modify security boot parameters through the NVRAM variable...
NVIDIA DGX-2 安全漏洞
The NVIDIA DGX-2 is a high-performance workstation for deep learning from NVIDIA, Inc. The NVIDIA DGX-2™ is NVIDIA's first 2 petaFLOPS appliance to integrate 16 NVIDIA V100 Tensor core GPUs, making it an excellent platform for tackling complex AI challenges. A security vulnerability exists in...
SUSE CVE-2021-3947
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...
Lenovo IdeaPad Y700-14ISK 安全漏洞
Lenovo IdeaPad is a line of laptops from the Chinese company Lenovo Lenovo. A security vulnerability exists in the Lenovo IdeaPad Y700-14ISK. An attacker could exploit the vulnerability to modify the secure boot settings by modifying the NVRAM variable...
Acer Extensa Series 安全漏洞
Acer Extensa Series is a line of laptops from Acer, a Chinese company. The Acer Extensa Series suffers from a security vulnerability that stems from its HQSwSmiDxe DXE driver that allows an attacker with elevated privileges to modify the UEFI Secure Boot settings by modifying the NVRAM variable...
kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free
A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...
Acer Altos W2000h-W570h F4 缓冲区错误漏洞
Acer Altos W2000h-W570h F4 is a server from Acer China. It offers best-in-class performance, innovative technology, high configurability and comprehensive management features. A security vulnerability exists in Acer Altos W2000h-W570h F4 version R01.03.0018, which originates from a discovery...
RISC-V 输入验证错误漏洞
RISC-V is an open source instruction set architecture based on the principle of reduced instruction sets, which is easily interpreted as a form of "open source hardware" corresponding to the open source software movement. The RISC-V kernel suffers from an Input Validation Error vulnerability, whi...
PT-2022-5838 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel may cause a denial of service if consecutive requests of the NVME IOCTL RESET and the NVME IOCTL SUBSYS RESET are made through the device file of the driver,...
AZL-10721 CVE-2021-3929 affecting package qemu for versions less than 6.2.0-13
A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...
OESA-2022-1733 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset...
InHand Networks InRouter302 输入验证错误漏洞
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...
CVE-2021-3971
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable...