CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...

CVE-2021-33627

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOC...

PT-2025-32958

Name of the Vulnerable Software and Affected Versions: Tcg2Smm affected versions not specified Description: Tcg2Smm contains a flaw that allows writing arbitrary memory inside SMRAM and executing arbitrary code at the SMM level. Recommendations: At the moment, there is no information about a newe...

CVE-2022-34399

Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer access vulnerability. A malicious user with admin privileges could potentially exploit this vulnerability by sending input larger than expected in order to leak certain sections of SMRAM...

PT-2022-23004 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue in the SMM driver SMRAM was discovered, allowing an attacker to dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver. This leads to information...

Intel NUC M15 缓冲区错误漏洞

Intel NUC M15 is a laptop kit from Intel Corporation USA. A security vulnerability exists in previous versions of the Intel NUC M15 Laptop Kit BC0076, which stems from the fact that a potential attacker could execute arbitrary code during the PEI phase and affect subsequent boot phases. This coul...

CVE-2022-28806

An issue was discovered on certain Fujitsu LIEFBOOK devices A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 with BIOS versions before v1.09 A3510, v2.17 U9310, v2.30 U7511/U7411/U7311, v2.33 U9311, v2.23 E5510, v2.19 U7510/U7410, v2.13 U7310, and v1.09 E459/E449...

FUJITSU LIEFBOOK devices 缓冲区错误漏洞

The FUJITSU LIEFBOOK devices are a laptop computer from Fujitsu FUJITSU Japan. A buffer error vulnerability exists in multiple versions of FUJITSU LIEFBOOK, which stems from the FJGABIFlashCoreAxtractionSMM driver registering a Software System Management Interrupt SWSMI handler that is not...

Vulnerabilities fixed in Lenovo notebook BIOS

Vulnerabilities have been found in several Lenovo laptop models by researchers from security firm ESET. These vulnerabilities are Lenovo-specific, a full list of affected Lenovo laptops can be found under "Possible fixes." Two of these vulnerabilities, with attributes CVE-2021-3970 and...

Insyde InsydeH2O has an unspecified vulnerability (CNVD-2022-10283)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. The vulnerability can be exploited to read or write or manipulate data to SMRAM, resulting in an escalation...

CVE-2022-24031

An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM...

CVE-2021-33627

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOC...

CVE-2021-26943

The UX360CA BIOS through 303 on ASUS laptops allow an attacker with the ring 0 privilege to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM issue 3 of 3...