Lucene search

15 matches found

Amd
added 2026/04/14 12:0 a.m., 4 views

Incorrect use of LocateProtocol Service of the EFI_BOOT_Services table in SMI Handler

CVE Details: CVE-2025-54502. Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation...

7.1 CVSS, 6 AI score, 0.00008 EPSS
Exploits: 1

Microsoft CVE
added 2026/03/26 8:4 a.m., 3 views

x86/efi: defer freeing of boot services memory

...

7.1 CVSS, 5.8 AI score, 0.0003 EPSS
Exploits: 0

OSV
added 2026/03/25 11:16 a.m., 5 views

UBUNTU-CVE-2026-23352

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory. efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late(). There are two issues with that: memblock_free_late() should be used for...

5.5 CVSS, 5.5 AI score, 0.0003 EPSS
Exploits: 0, References: 10

ATTACKERKB
added 2026/03/25 10:27 a.m., 3 views

CVE-2026-23352

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory. efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late(). There are two issues with that: memblock_free_late() should be used for...

5.5 AI score, 0.0003 EPSS
Exploits: 0, References: 10, Affected Software: 1

Cvelist
added 2026/03/25 10:27 a.m., 17 views

CVE-2026-23352 x86/efi: defer freeing of boot services memory

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory. efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late(). There are two issues with that: memblock_free_late() should be used for...

0.0003 EPSS
Exploits: 0, References: 9

CVE
added 2026/03/25 10:27 a.m., 9 views

CVE-2026-23352

CVE-2026-23352 affects Linux kernel's x86 EFI code: efi_free_boot_services() defers freeing of EFI_BOOT_SERVICES memory, but memblock_free_late() is not suitable for reserved memory and may miss uninitialized memory maps when CONFIG_DEFERRED_STRUCT_PAGE_INIT=y. This can cause a RAM leak (~140 MB ...

5.5 CVSS, 5.5 AI score, 0.0003 EPSS
Exploits: 0, References: 9, Affected Software: 1

Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efi: defer freeing of boot services memory. efi_free_boot_services() frees memory occupied by EFI_BOOT_SERVICES_CODE and EFI_BOOT_SERVICES_DATA using memblock_free_late()...

5.5 CVSS, 5.6 AI score, 0.0003 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-35803

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when th...

5.5 CVSS, 6.1 AI score, 0.00011 EPSS
Exploits: 0, References: 4

OSV
added 2024/05/21 3:15 p.m., 1 view

DEBIAN-CVE-2021-47228

In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV. Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is use...

6.2 CVSS, 5.5 AI score, 0.00018 EPSS
Exploits: 0, References: 1

NVD
added 2024/05/17 2:15 p.m., 12 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5 CVSS, 7.4 AI score, 0.00011 EPSS
Exploits: 0, References: 5

UbuntuCve
added 2024/05/17 2:15 p.m., 25 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits: 0, References: 12

CVE
added 2024/05/17 1:23 p.m., 95 views

CVE-2024-35803

CVE-2024-35803 affects the Linux kernel, specifically the x86 efistub in mixed-mode boot handling. The root cause is that EFI boot service calls were made using the decompressor’s 16k boot stack during 32‑bit firmware entry paths, while EFI boot services require a larger (128k) stack. This mismat...

5.5 CVSS, 6.7 AI score, 0.00011 EPSS
Exploits: 0, References: 5, Affected Software: 1

Debian CVE
added 2024/05/17 1:23 p.m., 20 views

CVE-2024-35803

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Call mixed mode boot services on the firmware's stack Normally, the EFI stub calls into the EFI boot services using the stack that was live when the stub was entered. According to the UEFI spec, this stack needs to b...

5.5 CVSS, 7.1 AI score, 0.00011 EPSS
Exploits: 0

CNNVD
added 2022/09/22 12:0 a.m., 1 view

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability in Insyde InsydeH2O versions 5.0 to 5.5, which stems from a problem...

8.2 CVSS, 8.2 AI score, 0.00084 EPSS
Exploits: 1, References: 4

BDU FSTEC
added 2019/12/26 12:0 a.m., 2 views

The vulnerability of the EFI_BOOT_SERVICES component of Hewlett-Packard Development Company L.P.’s desktop workstations, personal computers, and cash registers allows a hacker to exploit their privileges.

The vulnerability of the EFI_BOOT_SERVICES component in microprogramming software for desktop workstations, personal computers, and payment devices of Hewlett-Packard Development Company L.P. exists due to insufficient verification of input data. Exploiting this vulnerability can allow a remote...

9 CVSS, 7.2 AI score, 0.00305 EPSS
Exploits: 0, References: 3, Affected Software: 86