Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: gsmi: fixed a null dereference in gsmigetvariable. We can access EFI variables without retrieving the attributes; therefore, we must allow this behavior in gsmi. Commit 859748255b43 “efi: pstore: Omit efivars caching EFI varstore...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...

CVE-2025-8860 Qemu-kvm: uefi-vars: information disclosure vulnerability in uefi_vars_write callback

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFIVARSREGBUFFERSIZE, the .write callback uefivarswrite is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

PT-2025-33783

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A stack buffer overflow exists in the gmin get var int function when handling EFI variables larger than 64 bytes. The gmin get config var function does not properly return error codes...

CVE-2023-28149

An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables...

UBUNTU-CVE-2025-21998

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...

DEBIAN-CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...

CVE-2022-3744

A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. The Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit the vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...

Dell BIOS 输入验证错误漏洞

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS has an input validation error vulnerability that stems from incorrect input validation. An attacker could exploit this vulnerability to modify UEFI variables...