206 matches found
CVE-2022-4573
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-4573
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-4573
Summary: CVE-2022-4573 is described across multiple sources as an input-validation flaw in the SMI handler of the ThinkPad X1 Fold Gen 1 BIOS firmware. The vulnerability could allow a local, high-privilege attacker to execute arbitrary code due to improper validation in the SMI handler. Affected ...
Lenovo ThinkPad Input Validation Error Vulnerability
Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad X1 Fold Gen 1 suffers from an input validation error vulnerability that stems from a security issue in the SMI handler that could allow an attacker with local access and elevated privileges to execute...
Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22612)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. Insyde BIOS is typically used in RUGGEDCOM APE products and some SIMATIC devices. Please refer...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-34325)
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe drive...
Siemens InsydeH2O Improper Input Validation (CVE-2021-41842)
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check. Insyde BIOS is...
Siemens InsydeH2O Out-of-bounds Write (CVE-2023-22613)
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. Insyde BIOS is typically...
Siemens InsydeH2O Improper Input Validation (CVE-2020-5956)
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer. Insyde BIOS is typically used in RUGGEDCOM...
Hardcoded credentials
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...
CVE-2022-3744
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...
CVE-2022-3744
The CVE-2022-3744 issue concerns LCFC BIOS on certain Lenovo consumer notebooks. A hard-coded SMI handler credential could allow a local attacker with elevated privileges to unlock UEFI variables, due to the root cause in the BIOS code. The practical impact is high confidentiality, integrity, and...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
Code injection
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-28468
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...
CVE-2023-28468
CVE-2023-28468 : InsydeH2O BIOS’ FvbServicesRuntimeDxe (SMM) exposes an SMI handler that enables the OS to interact with the SPI flash at run-time. Affects InsydeInsydeH2O (FvbServicesRuntimeDxe SMM module) on kernel 5.0–5.5. According to the available references, this can lead to local access wi...
CVE-2023-2290
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code...
Code injection
A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code...