111 matches found
hw: amd: SMM Lock Bypass
A flaw was found in hw. Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution...
PT-2024-11955 · Smm +1 · Smm +1
Name of the Vulnerable Software and Affected Versions: SMM affected versions not specified Description: A TOCTOU Time-Of-Check-Time-Of-Use issue in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer, potentially resulting ...
DEBIAN-CVE-2023-31315
Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...
UBUNTU-CVE-2023-31315
Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...
PT-2024-11956 · Amd · Amd Spi Protection Feature
Name of the Vulnerable Software and Affected Versions: AMD SPI protection feature affected versions not specified Description: The issue is related to improper access control in the AMD SPI protection feature, which may allow a user with Ring0 kernel mode privileged access to bypass protections...
CVE-2023-20596
Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution...
AZL-13190 CVE-2023-0266 affecting package hyperv-daemons for versions less than 5.15.92.1-1
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRVCTLIOCTLELEMREAD|WRITE32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past...
PT-2022-7387 · Amd · Amd Processors
Name of the Vulnerable Software and Affected Versions: AMD processors affected versions not specified Description: A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections. This...
CVE-2021-26334
The AMDPowerProfiler.sys driver of AMD μProf tool may allow lower privileged users to access MSRs in kernel which may lead to privilege escalation and ring-0 code execution by the lower privileged user...
PT-2021-8203 · Amd +1 · Amd Μprof +1
Name of the Vulnerable Software and Affected Versions: AMD μProf tool affected versions not specified Description: The AMDPowerProfiler.sys driver of the AMD μProf tool may allow lower privileged users to access MSRs in the kernel, which may lead to privilege escalation and ring-0 code execution ...
DEBIAN-CVE-2021-28689
x86: Speculative vulnerabilities with bare non-shim 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to...
MalwareFox Anti-Malware 安全漏洞
MalwareFox Anti-Malware is an application from the American company MalwareFox. A malicious code detection software. A security vulnerability exists in MalwareFox AntiMalware 2.74.0.150, which allows the execution of ring 0 code to be exposed in the context of a driver, allowing an unprivileged...
CVE-2020-28922
An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges...
Devid Espenschied PC Analyser Security Breach
Devid Espenschied Devid Espenschied PC Analyser is a software for diagnostics, stress testing, and configuration comparison of PC systems from Devid Espenschied, Germany. A security vulnerability exists in Devid Espenschied PC Analyser version 4.10 and earlier versions, which stems from the...
Devid Espenschied PC Analyser License Issue Vulnerability
Devid Espenschied Devid Espenschied PC Analyser is a software for diagnostics, stress testing, and configuration comparison of PC systems from Devid Espenschied, Germany. A security vulnerability exists in Devid Espenschied PC Analyser version 4.10 and earlier versions, which stems from the...
CVE-2020-15481
An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This cou...
CVE-2020-15480
An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers MSRs. This could lead to arbitrary Ring-0 code...
AMD OverDrive has an unspecified vulnerability
AMD OverDrive is a tool from AMD USA that supports the management and configuration of CPU, GPU and RAM overclocking settings. A security vulnerability in the AODDriver2.sys file in AMD OverDrive, which stems from not properly filtering the MSR registers, can be exploited by an attacker to execut...
CVE-2019-7246
An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register MSR. Allowing arbitrary MSR writes can lead to Ring-0 code execution an...
TechPowerUp GPU-Z Code Execution Vulnerability
TechPowerUp GPU-Z is a lightweight application for managing and controlling video cards and graphics processors. A security vulnerability exists in the GPU-Z.sys file in TechPowerUp GPU-Z versions prior to 2.23.0. An attacker could exploit this vulnerability to execute Ring-0 code and elevate...