206 matches found
PT-2024-3507 · Huawei · Huawei Matebook D16
Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 version v2.26 Description: The issue is related to a buffer overflow in the SMRAM memory of Huawei personal computers' UEFI BIOS microprogram, which can allow an attacker to execute arbitrary code in System Management Mode...
CVE-2023-31100
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...
Improper access control
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...
CVE-2023-31100
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...
CVE-2023-31100
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...
CVE-2023-31100
CVE-2023-31100 relates to an Improper Access Control in the SMI handler of Phoenix SecureCore Technologies 4. Affected versions include: 4.3.0.0 before 4.3.0.203; 4.3.1.0 before 4.3.1.163; 4.4.0.0 before 4.4.0.217; and 4.5.0.0 before 4.5.0.138. The root cause is an access control flaw in the SMI ...
CVE-2023-20596
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...
Input validation
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...
CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...
CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...
Design/Logic Flaw
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...
CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...
CVE-2023-39284
CVE-2023-39284 affects Insyde InsydeH2O kernel 5.0–5.5 via IhisiServicesSmm, where arbitrary SetVariable calls in the SMI handler can pass attacker-controlled parameters. Root cause: unsanitized arguments in SMI SetVariable handling, enabling modification of protected NVRAM variables from Ring0 (...
CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler...
CVE-2022-4574
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-4573
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code...
Input validation
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-4574
The CVE describes a BIOS SMI handler input validation vulnerability in Lenovo ThinkPad models. A local, elevated-privilege attacker could exploit a flaw in the SMI handler to execute arbitrary code. The available documents identify the affected surface as the BIOS/SMI handler but do not specify e...
CVE-2022-4574
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-4574
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...