2 matches found
CVE-2023-52080
CVE-2023-52080 affects IEIT NF5280M6 UEFI firmware up to version 8.4. The root cause is a pool overflow caused by improper use of gRT->GetVariable(), allowing an attacker with access to local NVRAM variables to modify SPI Flash contents, leading to tampered memory data and potential crashes. D...
CVE-2023-52080
IEIT NF5280M6 UEFI firmware through 8.4 has a pool overflow vulnerability, caused by improper use of the gRT-GetVariable function. Attackers with access to local NVRAM variables can exploit this by modifying these variables on SPI Flash, resulting in memory data being tampered with. When critical...