63 matches found
CVE-2022-1107
The CVE-2022-1107 entry concerns Lenovo ThinkPad BIOS vulnerability where the use of Boot Services in the SmmOEMInt15 SMI handler can allow a local attacker with elevated privileges to execute arbitrary code. Affected component: BIOS boot services logic within SMM handling. Root cause: privilege ...
CVE-2022-1107
During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...
Lenovo ThinkPad 权限许可和访问控制问题漏洞
Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad BIOS is vulnerable to a privilege-granting and access-control issue that arises from the use of boot services in the SmmOEMInt15 SMI handler. A local attacker could bypass implemented security restrictions...
PT-2022-11495 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.0 through 5.5 Description: An issue was discovered in NvmExpressDxe due to an Untrusted Pointer Dereference, causing SMM memory corruption. This allows an attacker to write fixed or predictable data to SMRAM...
Insyde InsydeH2O 缓冲区错误漏洞
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a security vulnerability that stems from a handler that does not...
PT-2024-11236 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12 Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...
Qualcomm UTILS Input Validation Error Vulnerability
Qualcomm UTILS is a Qualcomm Incorporated USA support component used in chips. A security vulnerability exists in Qualcomm UTILS that originates from a BSI module that may result in memory corruption due to improper parameter count validation...
CVE-2020-5378
Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
CVE-2020-5379
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
CVE-2020-5376
Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
CVE-2020-5379
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
Design/Logic Flaw
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
CVE-2020-5379
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...
Dell Latitude 7202 Rugged Tablet BIOS Resource Management Error Vulnerability
Dell Latitude 7202 Rugged Tablet BIOS is a basic input/output system BIOS for the Dell Latitude 7202 Tablet PC from Dell USA. A resource management error vulnerability exists in EFIBOOTSERVICES in System Management mode in Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28. An attacker...
CVE-2020-5348
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...
The vulnerability of the EFI_BOOT_SERVICES component of Hewlett-Packard Development Company L.P.’s desktop workstations, personal computers, and cash registers allows a hacker to exploit their privileges.
The vulnerability of the EFIBOOTSERVICES component in microprogramming software for desktop workstations, personal computers, and payment devices of Hewlett-Packard Development Company L.P exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote...
CVE-2019-6170
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-6170
A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...
CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...
CVE-2019-16284
A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...