22 matches found
EUVD-2022-31422
Malicious code in bioql PyPI...
EUVD-2022-43560
Malicious code in bioql PyPI...
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
...
CVE-2022-36765
A flaw was found in the CreateHob function in EDK2. An attacker, leveraging a local network, can initiate an integer overflow leading to a buffer overflow. This issue arises during size alignment within the CreateHob function, requiring activation in the PEI phase. Successful exploitation of this...
CVE-2022-42285
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...
CVE-2022-42285
CVE-2022-42285 affects NVIDIA DGX A100 SBIOS in the Pre-EFI Initialization (PEI) phase, where a privileged local user can disable SPI flash protection, enabling denial of service, privilege escalation, or data tampering. NVIDIA’s security bulletin and firmware update table indicate mitigations: D...
CVE-2022-40262
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-26873
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-26873
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40262
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
Memory corruption
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
Memory corruption
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40262
CVE-2022-40262 concerns memory corruption in the S3Resume2Pei component that can allow arbitrary code execution during the PEI phase and affect subsequent boot stages. The affected element is injected into SMRAM, with potential to bypass mitigations, disclose physical memory, access secrets from ...
CVE-2022-40262 The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40262 The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
CVE-2022-26873
CVE-2022-26873 affects AMI Aptio 5.x PlatformInitAdvancedPreMem. The issue is described as a stack buffer overflow in PlatformInitAdvancedPreMem that can allow arbitrary code execution during the PEI phase, potentially enabling mitigation bypass, memory contents disclosure, VM secrets access, and...
CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.
A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...
PT-2022-25303 · Sbpei · Sbpei
Name of the Vulnerable Software and Affected Versions: SbPei affected versions not specified Description: A potential attacker can write one byte by arbitrary address at the time of the PEI phase, only during S3 resume boot mode, and influence the subsequent boot stages. This can lead to...