CVE-2024-36343

CVE-2024-36343 describes improper input validation in the System Management Mode (SMM) communications buffer, enabling a privileged attacker to perform an out-of-bounds read or write in a limited portion of the Top of Memory Segment (TSEG) on AMD platforms. The issue can impact confidentiality an...

CVE-2021-33626

A vulnerability exists in SMM System Management Mode branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointerQWORD values for CommBuffer. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

EUVD-2022-37367

Malicious code in bioql PyPI...

EUVD-2022-28749

Malicious code in bioql PyPI...

EUVD-2022-37374

Malicious code in bioql PyPI...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2024-21467

CVE-2024-21467 is a WLAN information-disclosure issue arising from how beacon probe frames are processed during scan entry generation on the client side. Affected component: Qualcomm WLAN/host stack; root cause: out-of-bounds beacon probe frame handling leading to information disclosure with pote...

CVE-2023-52710

Huawei Matebook D16Model: CREM-WXX9, BIOS: v2.26, As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

CVE-2023-47252

Summary (CVE-2023-47252): Insyde InsydeH2O’s PnpSmm in the kernel range 5.0–5.6 is affected by an out-of-bounds access in the SMM communication buffer. The PNP-related SMI sub-functions do not verify data size before reading from the buffer, potentially allowing corruption of data immediately fol...

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

PT-2024-13431 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O kernel versions 5.0 through 5.6 Description: An issue was discovered in PnpSmm, where there is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not...

Dell PowerEdge Server BIOS Input Validation Error Vulnerability

Dell PowerEdge Server BIOS is a system update driver for the Dell Dell of the United States. The Dell PowerEdge Server BIOS is vulnerable to an input validation error vulnerability that stems from the presence of an SMM communication buffer validation error. An attacker could exploit this...

CVE-2024-0162

Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM...

CVE-2022-23820

CVE-2022-23820 corresponds to a vulnerability in AMD ASP/PSP/SMM handling where failure to validate the AMD SMM communication buffer could allow an attacker to corrupt SMRAM and achieve arbitrary code execution. Public details in AMD’s bulletin AMD-SB-5001 confirm the issue and map it to multiple...

CVE-2022-34416

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

Design/Logic Flaw

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

Design/Logic Flaw

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

Design/Logic Flaw

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...