18 matches found
EUVD-2014-4779
Malware in sbrugna...
EUVD-2022-45360
Malicious code in bioql PyPI...
CVE-2022-42285
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...
Design/Logic Flaw
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...
CVE-2022-42285
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...
CVE-2022-42285
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...
PT-2023-14086 · Nvidia · Dgx A100 Sbios
Name of the Vulnerable Software and Affected Versions: DGX A100 SBIOS affected versions not specified Description: The issue concerns a vulnerability in the Pre-EFI Initialization PEI phase, where a privileged user can disable SPI flash protection. This may lead to denial of service, escalation o...
CVE-2022-40246
A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...
American Megatrends Incorporated Aptio 缓冲区错误漏洞
American Megatrends Incorporated Aptio is a BIOS configuration program. A security vulnerability exists in American Megatrends Incorporated Aptio version 5.x. An attacker could exploit the vulnerability to execute arbitrary code at the PEI stage...
The vulnerability of the SBIOS component in the NVIDIA DGX A100 server’s SmbiosPei architecture allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the SBIOS component in the NVIDIA DGX A100 server’s SmbiosPei firmware is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause system failures...
OESA-2021-1458 edk2 security update
EFI Development Kit II. Security Fixes: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.CVE-2021-28216...
DEBIAN-CVE-2021-28216
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...
UBUNTU-CVE-2021-28216
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...
CVE-2014-4860
CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...
PEI Stage Backdoor for UEFI Compatible Firmware: PeiBackdoor
PEI Stage Backdoor for UEFI Compatible Firmware This project implements early stage firmware backdoor for UEFI based firmware. It allows to execute arbitrary code written in C during Pre EFI Init PEI phase of Platform Initialization PI. This backdoor might be useful for low level manipulations wi...