Lucene search
+L

63 matches found

cve
cve
added 2022/04/22 8:30 p.m.87 views

CVE-2022-1107

The CVE-2022-1107 entry concerns Lenovo ThinkPad BIOS vulnerability where the use of Boot Services in the SmmOEMInt15 SMI handler can allow a local attacker with elevated privileges to execute arbitrary code. Affected component: BIOS boot services logic within SMM handling. Root cause: privilege ...

7.2CVSS6.5AI score0.00253EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2022/04/22 8:30 p.m.23 views

CVE-2022-1107

During an internal product security audit a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models could be exploited by an attacker with elevated privileges that could allow for execution of code...

6.7CVSS6.8AI score0.00253EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/04/13 12:0 a.m.5 views

Lenovo ThinkPad 权限许可和访问控制问题漏洞

Lenovo ThinkPad is a portable computer from Lenovo, a Chinese company. The Lenovo ThinkPad BIOS is vulnerable to a privilege-granting and access-control issue that arises from the use of boot services in the SmmOEMInt15 SMI handler. A local attacker could bypass implemented security restrictions...

7.2CVSS7.1AI score0.00253EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/02/03 12:0 a.m.11 views

PT-2022-11495 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.0 through 5.5 Description: An issue was discovered in NvmExpressDxe due to an Untrusted Pointer Dereference, causing SMM memory corruption. This allows an attacker to write fixed or predictable data to SMRAM...

8.2CVSS8.1AI score0.00274EPSS
Exploits0References7
cnnvd
cnnvd
added 2022/02/02 12:0 a.m.6 views

Insyde InsydeH2O 缓冲区错误漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware has a security vulnerability that stems from a handler that does not...

8.2CVSS6AI score0.00274EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2021/06/08 12:0 a.m.13 views

PT-2024-11236 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.45/5.12.12 Description: The issue arises when memory marked as EFI boot services data is not properly mapped as encrypted under SEV, potentially leading to a kernel crash at boot. This occurs because some...

9.8CVSS6.7AI score0.17563EPSS
Exploits7References968
cnnvd
cnnvd
added 2021/02/01 12:0 a.m.8 views

Qualcomm UTILS Input Validation Error Vulnerability

Qualcomm UTILS is a Qualcomm Incorporated USA support component used in chips. A security vulnerability exists in Qualcomm UTILS that originates from a BSI module that may result in memory corruption due to improper parameter count validation...

7.8CVSS7.1AI score0.00161EPSS
Exploits0References3
osv
osv
added 2020/09/02 9:15 p.m.5 views

CVE-2020-5378

Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

6.8CVSS6.1AI score0.0039EPSS
Exploits0References1
osv
osv
added 2020/09/02 9:15 p.m.4 views

CVE-2020-5379

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

6.8CVSS6.9AI score0.00397EPSS
Exploits0References1
osv
osv
added 2020/09/02 9:15 p.m.5 views

CVE-2020-5376

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

6.8CVSS6.9AI score0.0039EPSS
Exploits0References1
nvd
nvd
added 2020/09/02 9:15 p.m.19 views

CVE-2020-5379

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

7.2CVSS6.8AI score0.00397EPSS
Exploits0References1
prion
prion
added 2020/09/02 9:15 p.m.15 views

Design/Logic Flaw

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

7.2CVSS6.8AI score0.00397EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/09/02 8:55 p.m.17 views

CVE-2020-5379

Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in System Management Mode SMM...

6.8CVSS6.8AI score0.00397EPSS
Exploits0References1
cnvd
cnvd
added 2020/04/07 12:0 a.m.4 views

Dell Latitude 7202 Rugged Tablet BIOS Resource Management Error Vulnerability

Dell Latitude 7202 Rugged Tablet BIOS is a basic input/output system BIOS for the Dell Latitude 7202 Tablet PC from Dell USA. A resource management error vulnerability exists in EFIBOOTSERVICES in System Management mode in Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28. An attacker...

7.8CVSS7.5AI score0.00379EPSS
Exploits0
osv
osv
added 2020/04/04 12:15 a.m.6 views

CVE-2020-5348

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...

7.8CVSS7.4AI score0.00379EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2019/12/26 12:0 a.m.7 views

The vulnerability of the EFI_BOOT_SERVICES component of Hewlett-Packard Development Company L.P.’s desktop workstations, personal computers, and cash registers allows a hacker to exploit their privileges.

The vulnerability of the EFIBOOTSERVICES component in microprogramming software for desktop workstations, personal computers, and payment devices of Hewlett-Packard Development Company L.P exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote...

9CVSS7.2AI score0.01959EPSS
Exploits0References3Affected Software86
osv
osv
added 2019/11/12 9:15 p.m.4 views

CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...

6.4CVSS7.1AI score0.0035EPSS
Exploits0References1
cvelist
cvelist
added 2019/11/12 8:40 p.m.38 views

CVE-2019-6170

A potential vulnerability in the SMI callback function used in the Legacy USB driver using boot services structure in runtime phase in some Lenovo ThinkPad models may allow arbitrary code execution...

6.4CVSS6.7AI score0.0035EPSS
Exploits0References1
nvd
nvd
added 2019/11/05 9:15 p.m.37 views

CVE-2019-16284

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...

9CVSS7.4AI score0.01959EPSS
Exploits0References1
osv
osv
added 2019/11/05 9:15 p.m.5 views

CVE-2019-16284

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...

7.2CVSS7.4AI score0.01959EPSS
Exploits0References1
Rows per page
Query Builder