610 matches found
CVE-2022-40246
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
Memory corruption
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
Memory corruption
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40262
CVE-2022-40262 concerns memory corruption in the S3Resume2Pei component that can allow arbitrary code execution during the PEI phase and affect subsequent boot stages. The affected element is injected into SMRAM, with potential to bypass mitigations, disclose physical memory, access secrets from ...
CVE-2022-40262 The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2022-26873
CVE-2022-26873 affects AMI Aptio 5.x PlatformInitAdvancedPreMem. The issue is described as a stack buffer overflow in PlatformInitAdvancedPreMem that can allow arbitrary code execution during the PEI phase, potentially enabling mitigation bypass, memory contents disclosure, VM secrets access, and...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
Intel NUC M15 缓冲区错误漏洞
Intel NUC M15 is a laptop kit from Intel Corporation USA. A security vulnerability exists in previous versions of the Intel NUC M15 Laptop Kit BC0076, which stems from the fact that a potential attacker could write a byte through an arbitrary address during the PEI phase and affect subsequent boo...
Intel NUC M15 缓冲区错误漏洞
Intel NUC M15 is a laptop kit from Intel Corporation USA. A security vulnerability exists in previous versions of the Intel NUC M15 Laptop Kit BC0076, which stems from the fact that a potential attacker could execute arbitrary code during the PEI phase and affect subsequent boot phases. This coul...
CVE-2022-28200
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can...
CVE-2022-28200
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can...
Design/Logic Flaw
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can...
CVE-2022-28200
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can...
PT-2022-6198 · Dell · Dell Alienware M17 R5 Bios
Name of the Vulnerable Software and Affected Versions: Dell Alienware m17 R5 BIOS versions prior to 1.2.2 Description: The issue is related to a buffer access vulnerability in the BIOS software of Dell Alienware m17 R5 laptops. A malicious user with admin privileges could potentially exploit this...
CVE-2022-28806
An issue was discovered on certain Fujitsu LIEFBOOK devices A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 with BIOS versions before v1.09 A3510, v2.17 U9310, v2.30 U7511/U7411/U7311, v2.33 U9311, v2.23 E5510, v2.19 U7510/U7410, v2.13 U7310, and v1.09 E459/E449...
CVE-2022-28806
An issue was discovered on certain Fujitsu LIEFBOOK devices A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 with BIOS versions before v1.09 A3510, v2.17 U9310, v2.30 U7511/U7411/U7311, v2.33 U9311, v2.23 E5510, v2.19 U7510/U7410, v2.13 U7310, and v1.09 E459/E449...
Input validation
An issue was discovered on certain Fujitsu LIEFBOOK devices A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 with BIOS versions before v1.09 A3510, v2.17 U9310, v2.30 U7511/U7411/U7311, v2.33 U9311, v2.23 E5510, v2.19 U7510/U7410, v2.13 U7310, and v1.09 E459/E449...
CVE-2022-28806
An issue was discovered on certain Fujitsu LIEFBOOK devices A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449 with BIOS versions before v1.09 A3510, v2.17 U9310, v2.30 U7511/U7411/U7311, v2.33 U9311, v2.23 E5510, v2.19 U7510/U7410, v2.13 U7310, and v1.09 E459/E449...
CVE-2022-28806
The CVE-2022-28806 entry concerns Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with specific BIOS versions. The vulnerability stems from the FjGabiFlashCoreAbstractionSmm driver’s SWSMI handler, which does not sufficiently validate t...