SUSE CVE-2026-23352

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...

EUVD-2020-26530

Malware in sbrugna...

Siemens InsydeH2O Arbitrary Code Execution (CVE-2022-35408)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFIBOOTSERVICES...

Code injection

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFIBOOTSERVICES...

CVE-2020-5348

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...

Code injection

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...

CVE-2020-5348

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFIBOOTSERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFIBOOTSERVICES structure to execute arbitrary code in system management mode...

CVE-2020-5348

CVE-2020-5348 affects Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28. The vulnerability is a use-after-free in EFI_BOOT_SERVICES when operating in System Management Mode, enabling a local unauthenticated attacker to overwrite EFI_BOOT_SERVICES and execute arbitrary code in SMM. Suppo...

CVE-2019-16284

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...

Privilege escalation

A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFIBOOTSERVICES structure might be overwritten by an attacker to execute arbitrary SM...

CVE-2019-16284

CVE-2019-16284 concerns a BIOS/firmware vulnerability in HP products where the EFI_BOOT_SERVICES structure can be overwritten to execute arbitrary SMM code, potentially leading to privilege escalation during boot. The Red Hat and NVD entries align with HP’s advisory (HP: C06456250), describing af...