31 matches found
CVE-2025-54502
A flaw was found in the AMD Platform Configuration Blob APCB SMM driver. A privileged attacker with local access Ring 0 can exploit an incorrect use of a boot service. This vulnerability may allow the attacker to achieve privilege escalation, potentially leading to arbitrary code execution...
Linux Distros Unpatched Vulnerability : CVE-2025-54502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve...
CVE-2025-54502
Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...
CVE-2025-54502
Summary (CVE-2025-54502) : Affected software is the AMD Platform Configuration Blob (APCB) SMM driver. The issue is an incorrect use of a boot service in APCB SMM, which could allow a local (Ring 0) attacker to escalate privileges and potentially execute arbitrary code. The CVSS-like metrics indi...
CVE-2022-35408
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFIBOOTSERVICES...
EUVD-2022-50900
Malicious code in bioql PyPI...
CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2023-45078
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45079
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45079
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45079
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45079
CVE-2023-45079 is a memory-leakage issue in the NvmramSmm SMM driver that could allow a local privileged attacker to write to NVRAM variables. Documents consistently describe the vulnerable component as the NvmramSmm SMM driver and the impact as local access with high confidentiality, integrity, ...
CVE-2023-45078
CVE-2023-45078 : A memory leakage vulnerability in the DustFilterAlertSmm SMM driver may allow a local, privileged attacker to write to NVRAM variables. Documents indicate impact as confidentiality/ integrity/ availability HIGH, with a local attack vector and low complexity, but exploitation deta...
Memory corruption
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation...
CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
CVE-2022-48189
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code...
Siemens InsydeH2O Arbitrary Code Execution (CVE-2022-36338)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...