CVE-2021-36324

CVE-2021-36324 affects Dell BIOS. The issue is an improper input validation in Dell BIOS, enabling a local authenticated attacker to use an SMI to execute arbitrary code in SMRAM. Impact is described as high (confidentiality, integrity, and availability affected) with local attack vector and high...

CVE-2021-36323

Dell BIOS contains an input validation vulnerability that can allow a local authenticated attacker to gain arbitrary code execution in SMRAM by abusing System Management Interrupts (SMI). Affected component is Dell BIOS (embedded firmware on a Dell motherboard memory chip). The root cause is impr...

CVE-2021-36323

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range...

Code injection

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range...

CVE-2021-3786

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range...

CVE-2021-3786

CVE-2021-3786 concerns Lenovo notebook/ThinkPad systems with a vulnerable SMI callback in the CSME configuration. The issue is a potential flaw in the SMI callback function that could allow leaking data from the SMRAM range. Public records describe this as a data leakage risk affecting confidenti...

CVE-2021-33626

A vulnerability exists in SMM System Management Mode branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointerQWORD values for CommBuffer. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVE-2021-33626

A vulnerability exists in SMM System Management Mode branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointerQWORD values for CommBuffer. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

Design/Logic Flaw

A vulnerability exists in SMM System Management Mode branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointerQWORD values for CommBuffer. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVE-2021-33626

CVE-2021-33626 affects InsydeH2O’s SMM code, specifically the SmmResourceCheckDxe driver, where a SWSMI handler registers without proper validation of the CommBuffer pointer, enabling data corruption in SMRAM and potential arbitrary code execution. Connected vendor disclosures confirm this vulner...

CVE-2021-36283

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

Input validation

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2021-36283

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2021-26943

The UX360CA BIOS through 303 on ASUS laptops allow an attacker with the ring 0 privilege to overwrite nearly arbitrary physical memory locations, including SMRAM, and execute arbitrary code in the SMM issue 3 of 3...

CVE-2020-5388

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2020-5388

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2020-5388

The CVE-2020-5388 issue affects Dell Inspiron 15 7579 2‑in‑1 BIOS versions prior to 1.31.0, with an ImpropER SMM communication buffer verification vulnerability. A locally authenticated user can potentially exploit this by issuing an SMI to achieve arbitrary code execution in SMRAM . The vulnerab...

CVE-2020-5388

Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an Improper SMM communication buffer verification vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

CVE-2015-0949

The System Management Mode SMM implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Bo...