118 matches found
CVE-2023-45075
CVE-2023-45075 describes a memory-leakage vulnerability in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. The issue is documented across multiple sources (NVD/Red Hat/NV mentions) and is associated with a CVSSv3.1 score of 6.7 (Me...
CVE-2023-45075
A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45075
A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
PT-2023-29394 · Unknown · Swsmi Shadow Dxe Driver
Name of the Vulnerable Software and Affected Versions: SWSMI Shadow DXE driver affected versions not specified Description: A memory leakage issue was reported in the SWSMI Shadow DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables...
PT-2023-29395 · Unknown · 534D0140 Dxe Driver
Name of the Vulnerable Software and Affected Versions: 534D0140 DXE driver affected versions not specified Description: A memory leakage issue was reported in the 534D0140 DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables. Recommendations: At t...
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
Stack overflow
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
Insyde InsydeH2O Security Breach
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O with kernel versions 5.0 through 5.5, whi...
CVE-2023-39281
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...
AMD Client UEFI DXE Driver Memory Leaks September 2023 Security Update
AMD has informed HP of potential vulnerabilities identified in some AMD client platform firmware components, which might allow denial of service or information disclosure. AMD is releasing firmware updates to mitigate these vulnerabilities. AMD has released updates to mitigate the potential...
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
Input validation
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
Input validation
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20597
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...
CVE-2023-20597
CVE-2023-20597 concerns improper initialization of variables in the AMD DXE driver, leading to potential local-information disclosure. The vulnerability is discussed across multiple sources (AMD/SB-4007 and related advisories), which describe memory-leak risks in the DXE driver and note mitigatio...
CVE-2023-20594
Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access...