5 matches found
K000161517: Intel UEFI firmware vulnerability CVE-2025-20105
Security Advisory Description: Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may...
PT-2025-32958
Name of the Vulnerable Software and Affected Versions: Tcg2Smm (affected versions not specified). Description: Tcg2Smm contains a flaw that allows writing arbitrary memory inside SMRAM and executing arbitrary code at the SMM level. Recommendations: At the moment, there is no information about a newe...
CVE-2023-52711
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially...
CVE-2023-52710
CVE-2023-52710 affects Huawei MateBook D16 (Model CREM-WXX9, BIOS v2.26). The issue is insufficient validation of the communication buffer size, allowing partial overlap with the start of SMRAM and potentially enabling code execution in SMM. Connected documents confirm the affected hardware and r...
PT-2024-3507 · Huawei · Huawei Matebook D16
Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 version v2.26. Description: The issue is related to a buffer overflow in the SMRAM memory of Huawei personal computers' UEFI BIOS microprogram, which can allow an attacker to execute arbitrary code in System Management Mode...