Astra Linux – Vulnerability in amd64-microcode

Improper validation in a model-specific register MSR could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...

Linux Distros Unpatched Vulnerability : CVE-2026-0438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user...

K000161517: Intel UEFI firmware vulnerability CVE-2025-20105

Security Advisory Description Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may...

EUVD-2024-55585

Improper input validation in the AMD OverDrive AOD System Management Mode SMM module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality...

CVE-2024-36345

Improper input validation in the AMD OverDrive AOD System Management Mode SMM module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality...

CVE-2025-54502

A flaw was found in the AMD Platform Configuration Blob APCB SMM driver. A privileged attacker with local access Ring 0 can exploit an incorrect use of a boot service. This vulnerability may allow the attacker to achieve privilege escalation, potentially leading to arbitrary code execution...

Linux Distros Unpatched Vulnerability : CVE-2025-54502

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve...

Astra Linux – Vulnerability in edk2

Existing checks in SmmEntryPoint will not catch underflow when calculating BufferSize...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Summary (CVE-2025-54502) : Affected software is the AMD Platform Configuration Blob (APCB) SMM driver. The issue is an incorrect use of a boot service in APCB SMM, which could allow a local (Ring 0) attacker to escalate privileges and potentially execute arbitrary code. The CVSS-like metrics indi...

CVE-2025-20028

Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

MAL-2026-1850 Malicious code in smm-yt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d0a38085e1e5c5be475b6ae3387d915541a3aea8d1b8ac6869a1125f3c47d0d The package smm-yt was found to contain malicious code...

Malicious code in smm-yt (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d0a38085e1e5c5be475b6ae3387d915541a3aea8d1b8ac6869a1125f3c47d0d The package smm-yt was found to contain malicious code...

EUVD-2025-208556

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

EUVD-2025-208546

Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

EUVD-2025-208547

Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

CVE-2025-20028

Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...

CVE-2025-22850

Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVE-2025-22850

The CVE-2025-22850 issue is a Time-of-checkTime-of-use race in the UEFI PdaSmm module on certain Intel reference platforms that may allow information disclosure. A system software adversary with privileged user access and a high-complexity/local-attack could expose data without user interaction. ...

CVE-2025-20105

The CVE-2025-20105 issue concerns improper input validation in certain UEFI firmware SMM modules on Intel reference platforms, enabling local privilege escalation and potential local code execution with a privileged user and low attack complexity (no user interaction required). Affected component...