
24 matches found

Positive Technologies
added 2025/08/13 12:0 a.m. · 2 views

PT-2025-32958

Name of the Vulnerable Software and Affected Versions: Tcg2Smm affected versions not specified Description: Tcg2Smm contains a flaw that allows writing arbitrary memory inside SMRAM and executing arbitrary code at the SMM level. Recommendations: At the moment, there is no information about a newe...

CVSS 7.5 · AI score 6.8 · EPSS 0.00026
Exploits: 0 · References: 8

OSV
added 2024/05/28 7:15 a.m. · 2 views

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially...

CVSS 7.8 · AI score 6.1 · EPSS 0.00008
Exploits: 0 · References: 1

CVE
added 2024/05/28 6:18 a.m. · 78 views

CVE-2023-52710

CVE-2023-52710 affects Huawei MateBook D16 (Model CREM-WXX9, BIOS v2.26). The issue is insufficient validation of the communication buffer size, allowing partial overlap with the start of SMRAM and potentially enabling code execution in SMM. Connected documents confirm the affected hardware and r...

CVSS 7.8 · AI score 7.2 · EPSS 0.00048
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/04/17 12:0 a.m. · 2 views

PT-2024-3507 · Huawei · Huawei Matebook D16

Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 version v2.26 Description: The issue is related to a buffer overflow in the SMRAM memory of Huawei personal computers' UEFI BIOS microprogram, which can allow an attacker to execute arbitrary code in System Management Mode...

CVSS 7.8 · AI score 8.5 · EPSS 0.00038
Exploits: 0 · References: 6

NVD
added 2023/11/14 7:15 p.m. · 16 views

CVE-2023-20563

Insufficient protections in System Management Mode SMM code may allow an attacker to potentially enable escalation of privilege via local access...

CVSS 7.8 · EPSS 0.0011
Exploits: 0 · References: 2

NVD
added 2023/11/14 7:15 p.m. · 31 views

CVE-2023-20571

A race condition in System Management Mode SMM code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation...

CVSS 8.1 · EPSS 0.00327
Exploits: 8 · References: 1

Prion
added 2023/11/14 7:15 p.m. · 17 views

Design/Logic Flaw

Insufficient protections in System Management Mode SMM code may allow an attacker to potentially enable escalation of privilege via local access...

CVSS 4.3 · AI score 7.5 · EPSS 0.0011
Exploits: 0 · References: 2 · Affected Software: 71

Prion
added 2023/11/14 7:15 p.m. · 21 views

Design/Logic Flaw

Insufficient protections in System Management Mode SMM code may allow an attacker to potentially enable escalation of privilege via local access...

CVSS 4.3 · AI score 7.5 · EPSS 0.0011
Exploits: 0 · References: 2 · Affected Software: 71

Cvelist
added 2023/11/14 6:54 p.m. · 19 views

CVE-2023-20565

Insufficient protections in System Management Mode SMM code may allow an attacker to potentially enable escalation of privilege via local access...

AI score 8.6 · EPSS 0.0011
Exploits: 0 · References: 2

CVE
added 2023/11/14 6:54 p.m. · 59 views

CVE-2023-20565

CVE-2023-20565 is documented in AMD’s embedded/PI firmware advisories (AMD-SB-5001 and related) as a high-severity issue where insufficient protections in System Management Mode (SMM) could allow privilege escalation via local access. The connected AMD bulletin provides mitigations via Platform I...

CVSS 7.8 · AI score 8.7 · EPSS 0.0011
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/11/14 6:54 p.m. · 74 views

CVE-2023-20563

CVE-2023-20563 is a documented AMD/PI firmware vulnerability affecting System Management Mode (SMM) with local privilege escalation potential. The Connected AMD bulletin entries (AMD-SB-5001 and AMD-SB-4002) describe multiple affected AMD embedded platforms and indicate mitigations via Platform I...

CVSS 7.8 · AI score 8.7 · EPSS 0.0011
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/11/14 6:54 p.m. · 14 views

CVE-2023-20563

Insufficient protections in System Management Mode SMM code may allow an attacker to potentially enable escalation of privilege via local access...

AI score 7.8 · EPSS 0.0011
Exploits: 0 · References: 2

Tenable Nessus
added 2023/09/26 12:0 a.m. · 33 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32477)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated...

CVSS 7 · AI score 7.6 · EPSS 0.00069
Exploits: 0 · References: 4

Tenable Nessus
added 2023/09/26 12:0 a.m. · 19 views

Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32473)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMM...

CVSS 7 · AI score 7.4 · EPSS 0.00038
Exploits: 0 · References: 3

Prion
added 2023/02/15 3:15 a.m. · 16 views

Race condition

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

CVSS 3.5 · AI score 7.7 · EPSS 0.00069
Exploits: 0 · References: 2 · Affected Software: 1

NVD
added 2023/02/15 2:15 a.m. · 15 views

CVE-2022-32474

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the StorageSecurityCommandDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigat...

CVSS 7 · AI score 7.4 · EPSS 0.00091
Exploits: 0 · References: 2

Prion
added 2023/02/15 2:15 a.m. · 17 views

Race condition

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...

CVSS 3.5 · AI score 7.2 · EPSS 0.00038
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2023/02/15 2:15 a.m. · 19 views

Race condition

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

CVSS 3.5 · AI score 7.2 · EPSS 0.00038
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2023/02/15 12:0 a.m. · 69 views

CVE-2022-32954

The CVE-2022-32954 issue affects Insyde InsydeH2O BIOS (kernel 5.1–5.5). Description and connected sources confirm a TOCTOU race condition via DMA on SdMmcDevice buffer used by SMM and non-SMM code, risking SMRAM corruption and privilege escalation. Impacts are locally exploitable and context-spe...

CVSS 7 · AI score 7.3 · EPSS 0.00069
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2023/02/15 12:0 a.m. · 19 views

CVE-2022-32953

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the SdHostDriver buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...

AI score 7.5 · EPSS 0.00069
Exploits: 0 · References: 2