14 matches found
CVE-2023-52080
IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT->GetVariable function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical...
PT-2024-14388 · IEIT · IEIT NF5280M6 UEFI Firmware
Name of the Vulnerable Software and Affected Versions: IEIT NF5280M6 UEFI firmware versions through 8.4 Description: The issue is caused by improper use of the gRT->GetVariable function, leading to a pool overflow vulnerability. Attackers with access to local NVRAM variables can exploit this by...
CVE-2023-52080
CVE-2023-52080 affects IEIT NF5280M6 UEFI firmware up to version 8.4. The root cause is a pool overflow caused by improper use of gRT->GetVariable(), allowing an attacker with access to local NVRAM variables to modify SPI Flash contents, leading to tampered memory data and potential crashes. D...
CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
Stack overflow
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
Acer Aspire Series Buffer Error Vulnerability
Acer Aspire Series is a series of servers from Acer China. A security vulnerability exists in the BIOS firmware of the Acer Aspire Series E5-475G, which originates from a secondary call to the GetVariable service in the FpGui module. An attacker could exploit the vulnerability to execute arbitrar...
CVE-2022-36338
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...
Design/Logic Flaw
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then...
CVE-2022-36338
CVE-2022-36338 (Siemens InsydeH2O) affects InsydeH2O BIOS/firmware (kernel 5.0–5.5). The issue is an SMM callout vulnerability in the SMM driver FwBlockServiceSmm that creates SMM and allows arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with ma...
PT-2022-23315 · Insyde · InsydeH2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: An issue was discovered in Insyde InsydeH2O, where an SMM callout vulnerability in the SMM driver FwBlockServiceSmm leads to arbitrary code execution. This occurs when creating SMM,...
Insyde InsydeH2O Security Vulnerability
Insyde InsydeH2O is a C-language source from Insyde Corporation of Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.0 to 5.5, which ste...
CVE-2020-5953
A vulnerability exists in System Management Interrupt SWSMI handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT EFI_RUNTIME_SERVICES pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...
Invalid Memory Address Dereference Vulnerability in libming 'decompileGETVARIABLE' Function
libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A security vulnerability exists in the 'decompileGETVARIABLE' function in libming version 0.4.8 prior to 2018-03-12, which stems from a...