PT-2023-26865 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: A memory corruption vulnerability in the SMM driver SMRAM write in CsmInt10HookSmm allows attackers to send arbitrary data to SMM, which could lead to privilege escalation. The...

CVE-2023-25537

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System...