CVE-2025-54502

A flaw was found in the AMD Platform Configuration Blob APCB SMM driver. A privileged attacker with local access Ring 0 can exploit an incorrect use of a boot service. This vulnerability may allow the attacker to achieve privilege escalation, potentially leading to arbitrary code execution...

poc

poc Collection of my PoC's for various vulnerabilities. L...

EUVD-2025-209508

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Summary (CVE-2025-54502) : Affected software is the AMD Platform Configuration Blob (APCB) SMM driver. The issue is an incorrect use of a boot service in APCB SMM, which could allow a local (Ring 0) attacker to escalate privileges and potentially execute arbitrary code. The CVSS-like metrics indi...

AMD EPYC Processor 安全漏洞

The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from improper use of the boot service. This vulnerability may lead to privilege escalation and arbitrary code...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the premature release of boot service memory, potentially leading to memory leaks...

EUVD-2022-39054

Malicious code in bioql PyPI...

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

AMD SMM Callout Vulnerability

AMD ID: AMD-SB-7028 Potential Impact: Arbitrary Code Execution Severity: High Summary AMD SMM callout vulnerability in the AmdPlatformRasSspSmm driver supported on multiple processors. Eclypsium reported an SMM callout vulnerability within the AmdPlatformRasSspSmm UEFI module, which is supported ...

DEBIAN-CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

UBUNTU-CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

Siemens InsydeH2O Arbitrary Code Execution (CVE-2022-36338)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

Design/Logic Flaw

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

CVE-2022-36338

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...

CVE-2018-3974

An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system...

PT-2019-10735 · Gog · Gog Galaxy

Name of the Vulnerable Software and Affected Versions: GOG Galaxy affected versions not specified Description: A local privilege elevation issue exists due to file system permissions in the install directory. This allows an attacker to overwrite an executable launched as a system service on boot,...