14 matches found
EUVD-2022-31422
Malicious code in bioql PyPI...
EUVD-2022-43548
Malicious code in bioql PyPI...
CVE-2022-26873
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-26873
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40250
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system OS and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI...
Memory corruption
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40250
CVE-2022-40250 affects AMI Aptio 5.x via a stack overflow in the SMI handler of SmmSmbiosElog. The vulnerability allows local privilege escalation to System Management Mode (SMM), enabling arbitrary code execution in a highly privileged context, bypassing SMM SPI flash protections and potentially...
CVE-2022-40250 Stack overflow vulnerability in SMI handler on SmmSmbiosElog.
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system OS and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI...
CVE-2022-26873
CVE-2022-26873 affects AMI Aptio 5.x PlatformInitAdvancedPreMem. The issue is described as a stack buffer overflow in PlatformInitAdvancedPreMem that can allow arbitrary code execution during the PEI phase, potentially enabling mitigation bypass, memory contents disclosure, VM secrets access, and...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
PT-2022-14974 · Ami · Ami Aptio 5.X
Name of the Vulnerable Software and Affected Versions: AMI Aptio 5.x Description: This issue allows an attacker with physical access to execute arbitrary code during the DXE phase. A malicious code installed as a result of vulnerability exploitation in the DXE driver could survive across an...
PT-2022-25305 · American Megatrends · Ami Aptiov
Name of the Vulnerable Software and Affected Versions: AMI Aptio version 5.x Description: An attacker can exploit this issue to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than the operating system OS and completely...
PT-2022-3556 · Ami · Ami Aptiov
Name of the Vulnerable Software and Affected Versions: AMI Aptio versions 5.x Description: A potential attacker can execute arbitrary code at the time of the PEI phase and influence subsequent boot stages, leading to mitigations bypassing, physical memory contents disclosure, discovery of secrets...