45 matches found
EUVD-2024-36082
Malicious code in bioql PyPI...
EUVD-2022-38298
Malicious code in bioql PyPI...
EUVD-2022-28982
Malicious code in bioql PyPI...
CVE-2024-21924
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution...
CVE-2024-0179
A flaw was found in the UEFI module's System Management Mode SMM. SMM callout within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution. Mitigation Available mitigation requires updating the BIOS...
CVE-2024-21924
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution...
CVE-2024-0179
SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution...
CVE-2024-0179
SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting in arbitrary code execution...
CVE-2024-21924
SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services handlers, potentially resulting in arbitrary code execution...
AMD SMM Callout Vulnerability
AMD ID: AMD-SB-7028 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD SMM callout vulnerability in the AmdPlatformRasSspSmm driver supported on multiple processors. Eclypsium reported an SMM callout vulnerability within the AmdPlatformRasSspSmm UEFI module, which is supported ...
CVE-2024-36434
An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4...
CVE-2024-36434
An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4...
CVE-2024-36434
CVE-2024-36434 describes an SMM callout vulnerability in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards. The issue is located in the SMM callout component of the Supermicro BMC firmware, with a reported buffer overflow in memory. Affected BIOS firmware versions are prior to 4.4. Accord...
CVE-2024-36434
An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4...
Siemens InsydeH2O SMM Privilege Escalation (CVE-2021-42113)
An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this...
Siemens InsydeH2O Inclusion of Functionality from Untrusted Control Sphere (CVE-2021-41841)
An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Insyde BIOS...
Siemens InsydeH2O Allocation of Resources Without Limits or Throttling (CVE-2021-41840)
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. Insyde...
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41838)
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. Insyde BIOS is...
K45810018: Multiple Insyde BIOS/EFI vulnerabilities
Security Advisory Description CVE-2020-5953 A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFIRUNTIMESERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can resu...
CVE-2022-36338
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...