
15 matches found

Cvelist
added 2026/03/10 10:49 p.m. | 15 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVSS 7.1 | EPSS 0.00039
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/10 10:49 p.m. | 3 views

CVE-2025-20027

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local...

CVSS 7.1 | AI score 5.7 | EPSS 0.00039
Exploits: 0 | References: 1

The Hacker News
added 2025/12/19 8:25 a.m. | 6 views

New UEFI Flaw Enables Early-Boot DMA Attacks on ASRock, ASUS, GIGABYTE, MSI Motherboards

Certain motherboard models from vendors like ASRock, ASUSTeK Computer, GIGABYTE, and MSI are affected by a security vulnerability that leaves them susceptible to early-boot direct memory access (DMA) attacks across architectures that implement a Unified Extensible Firmware Interface (UEFI) and...

CVSS 7 | AI score 6.8 | EPSS 0.00077
Exploits: 0

Microsoft Secure
added 2025/03/31 4:00 p.m. | 13 views

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot as well ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00369
Exploits: 2

IBM Security Bulletins
added 2023/12/07 10:31 p.m. | 23 views

Security Bulletin: Denial of service vulnerability affects IBM Unified Extensible Firmware Interface (CVE-2017-5703)

Summary: IBM System x, Flex and BladeCenter systems have addressed the following denial of service vulnerability in Unified Extensible Firmware Interface (UEFI). Vulnerability Details: CVEID: CVE-2017-5703 DESCRIPTION: Multiple Intel platforms are vulnerable to a denial of service, caused by the...

CVSS 6 | AI score 0.8 | EPSS 0.00061
Exploits: 0 | Affected Software: 3

BDU FSTEC
added 2022/11/22 12:00 a.m. | 1 views

The vulnerability in the open-source development environment for UEFI EDK2, related to uncontrolled recursion, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of open-source development environments for UEFI EDK2 is related to uncontrolled recursion. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.8 | EPSS 0.00118
Exploits: 1 | References: 8 | Affected Software: 3

CNNVD
added 2022/09/22 12:00 a.m. | 2 views

Buffer error vulnerability in multiple Acer products

Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...

CVSS 7.8 | AI score 8.2 | EPSS 0.00095
Exploits: 1 | References: 5

Positive Technologies
added 2022/08/11 12:00 a.m. | 2 views

PT-2022-4227 · Hewlett Packard · Hp Pc

Name of the Vulnerable Software and Affected Versions: HP PC products (affected versions not specified). Description: The issue is related to potential vulnerabilities in the system BIOS of certain HP PC products. These vulnerabilities might allow arbitrary code execution, escalation of privilege,...

CVSS 7.8 | AI score 8.1 | EPSS 0.00121
Exploits: 0 | References: 6

OSV
added 2022/07/01 12:15 a.m. | 1 views

CVE-2022-32295

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component...

CVSS 9.8 | AI score 5.8 | EPSS 0.00619
Exploits: 0 | References: 3

CNNVD
added 2022/02/16 12:00 a.m. | 3 views

Hp Uefi security vulnerability

Hp Uefi is a Unified Extensible Firmware Interface from Hewlett-Packard (Hp). It is a method of handling the computer before loading the operating system. Hp Uefi has a security vulnerability that stems from a problem in the UEFI firmware BIOS that could allow privileged escalation and arbitrary co...

CVSS 8.8 | AI score 8.3 | EPSS 0.0006
Exploits: 0 | References: 2

CNNVD
added 2022/02/02 12:00 a.m. | 2 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS (Basic Input/Output System). Operating System H2O UEFI firmware has a security vulnerability that could be exploited to elevate...

CVSS 8.2 | AI score 5.5 | EPSS 0.00057
Exploits: 0 | References: 7

Prion
added 2020/10/16 11:15 p.m. | 12 views

Security feature bypass

A security feature bypass vulnerability exists when Microsoft Windows fails to handle file creation permissions, which could allow an attacker to create files in a protected Unified Extensible Firmware Interface (UEFI) location. To exploit this vulnerability, an attacker could run a specially craft...

CVSS 4.3 | AI score 6.9 | EPSS 0.04033
Exploits: 0 | References: 1 | Affected Software: 2

The Hacker News
added 2020/10/06 8:33 a.m. | 199 views

New 'MosaicRegressor' UEFI Bootkit Malware Found Active in the Wild

Cybersecurity researchers have spotted a rare kind of potentially dangerous malware that targets a machine's booting process to drop persistent malware. The campaign involved the use of a compromised UEFI (or Unified Extensible Firmware Interface) containing a malicious implant, making it the secon...

CVSS 9.3 | AI score 0.1 | EPSS 0.94056
Exploits: 0

IBM Security Bulletins
added 2019/01/31 1:55 a.m. | 44 views

Security Bulletin: Vulnerabilities in OpenSSL affect System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI) (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275)

Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by IBM System x, BladeCenter and Flex Systems Unified Extensible Firmware Interface (UEFI). IBM System x, BladeCenter and Flex Systems UEFI has addressed the applicable CVEs. Vulnerability...

CVSS 5 | AI score 0.8 | EPSS 0.31582
Exploits: 0 | Affected Software: 19

CNVD
added 2015/06/26 12:00 a.m. | 1 views

IBM Unified Extensible Firmware Interface Denial of Service Vulnerability

The IBM Unified Extensible Firmware Interface is a standard detailing type interfaces for operating systems to automatically load from a pre-booted operating environment, to an operating system that simplifies the boot process and saves time. A security vulnerability exists in IBM Unified...

CVSS 2.1 | AI score 6.8 | EPSS 0.0036
Exploits: 0 | References: 1