949 matches found
EUVD-2024-55585
Improper input validation in the AMD OverDrive AOD System Management Mode SMM module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality...
CVE-2024-36345
Improper input validation in the AMD OverDrive AOD System Management Mode SMM module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality...
CVE-2025-54502
A flaw was found in the AMD Platform Configuration Blob APCB SMM driver. A privileged attacker with local access Ring 0 can exploit an incorrect use of a boot service. This vulnerability may allow the attacker to achieve privilege escalation, potentially leading to arbitrary code execution...
Linux Distros Unpatched Vulnerability : CVE-2025-54502
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve...
Astra Linux - уязвимость в amd64-microcode
Improper validation in a model specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...
Astra Linux - уязвимость в edk2
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize...
CVE-2025-54502
Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...
CVE-2025-54502
Summary (CVE-2025-54502) : Affected software is the AMD Platform Configuration Blob (APCB) SMM driver. The issue is an incorrect use of a boot service in APCB SMM, which could allow a local (Ring 0) attacker to escalate privileges and potentially execute arbitrary code. The CVSS-like metrics indi...
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
MAL-2026-1850 Malicious code in smm-yt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d0a38085e1e5c5be475b6ae3387d915541a3aea8d1b8ac6869a1125f3c47d0d The package smm-yt was found to contain malicious code...
Malicious code in smm-yt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d0a38085e1e5c5be475b6ae3387d915541a3aea8d1b8ac6869a1125f3c47d0d The package smm-yt was found to contain malicious code...
EUVD-2025-208556
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
EUVD-2025-208547
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
EUVD-2025-208546
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
CVE-2025-22850
The CVE-2025-22850 issue is a Time-of-checkTime-of-use race in the UEFI PdaSmm module on certain Intel reference platforms that may allow information disclosure. A system software adversary with privileged user access and a high-complexity/local-attack could expose data without user interaction. ...
CVE-2025-22850
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
CVE-2025-20105
The CVE-2025-20105 issue concerns improper input validation in certain UEFI firmware SMM modules on Intel reference platforms, enabling local privilege escalation and potential local code execution with a privileged user and low attack complexity (no user interaction required). Affected component...
CVE-2025-20105
Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local...
CVE-2025-20105
Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local...