CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/02/10 7:50 p.m.•20 views

CVE-2024-36311

A Time-of-check time-of-use TOCTOU race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...

4.6CVSS0.00015EPSS

Vulnrichment•added 2026/02/10 7:24 p.m.•2 views

CVE-2024-36310

4.6CVSS5.7AI score0.00006EPSS

CVE•added 2026/02/10 7:24 p.m.•6 views

CVE-2024-36310

CVE-2024-36310 affects AMD processors via the System Management Mode (SMM) communications buffer. The vulnerability stems from improper input validation, enabling a privileged attacker to perform an out-of-bounds read or write to SMRAM, with potential loss of confidentiality or integrity. Public ...

4.6CVSS5.8AI score0.00006EPSS

Positive Technologies•added 2026/02/10 12:0 a.m.•2 views

PT-2026-7460

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A Time-of-check time-of-use TOCTOU race condition exists in the SMM communications buffer. This condition could allow a privileged attacker to bypass input validation and perform an out-of-bounds rea...

4.6CVSS5.5AI score0.00015EPSS

Tenable Nessus•added 2025/10/03 12:0 a.m.•1 views

Dell Client BIOS Improper SMM Communication Buffer Verification (DSA-2024-104)

The Dell BIOS on the remote device is missing a security patch and is, therefore, affected by an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM. Note that Nessus ha...

6.8CVSS5.9AI score0.00033EPSS

Exploits0References2

Vulnrichment•added 2025/07/11 3:22 p.m.•2 views

CVE-2025-7029 SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control the RBX register, which is used to derive pointers OcHeader, OcData passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory...

9.3AI score0.00147EPSS

Vulnrichment•added 2025/05/29 2:0 p.m.•11 views

CVE-2025-33043 SMM buffer Integrity

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity...

5.8CVSS7.1AI score0.00051EPSS

ATTACKERKB•added 2024/04/26 3:15 a.m.•1 views

CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could...

6.3CVSS6AI score0.00133EPSS

Exploits0References2

Positive Technologies•added 2024/03/19 12:0 a.m.•1 views

PT-2024-21234 · Dell · Dell Poweredge Server Bios

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Server BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability,...

6.8CVSS6.7AI score0.00033EPSS

Exploits0References5

CVE-2022-34421

Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service...

6.7CVSS6.4AI score

6.7CVSS6.4AI score0.00059EPSS

CVE-2022-34422

CVE-2022-34412

6.7CVSS6.4AI score