29 matches found
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
EUVD-2025-208556
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
CVE-2025-22850
Time-of-check time-of-use race condition in the UEFI PdaSmm module for some IntelR reference platforms may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
CVE-2025-20105
Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local...
CVE-2025-20028
CVE-2025-20028 is a TOCTOU race condition in the WheaERST SMM module on some Intel reference platforms that may allow local privilege escalation by a privileged attacker with high attack complexity and no user interaction. Affected software is Intel UEFI/SMM components on various Intel reference ...
PT-2026-24493
Time-of-check time-of-use race condition in the WheaERST SMM module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
EUVD-2023-32145
Malicious code in bioql PyPI...
EUVD-2024-54678
Malicious code in bioql PyPI...
CVE-2025-4426 SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4426 SetupAutomationSmm : SMRAM memory contents leak / information disclosure vulnerability in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4426
CVE-2025-4426 appears to be Lenovo-specific, involving a vulnerability in custom firmware where the SMM module’s SMRAM memory contents can be leaked, causing information disclosure. Public records in connected documents point to InsydeH2O-related SMRAM leakage in the SMM, with Lenovo as the vendo...
CVE-2025-4423 SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4423
CVE-2025-4423 is linked to Lenovo devices running InsydeH2O firmware. Connected documents describe a vulnerability in the InsydeH2O/SMM subsystem that allows a local attacker with privileges to write arbitrary code and trigger memory corruption (buffer flaw), enabling a local privilege escalation...
CVE-2025-4423 SetupAutomationSmm:Vulnerability in the SMM module allow attacker to write arbitrary code and lead to memory corruption
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4422 EfiSmiServices : EfiPcdProtocol, SMM memory corruption vulnerabilities in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4421 EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2025-4421
CVE-2025-4421 involves SMM memory corruption in the InsydeH2O firmware, linked to Lenovo-related firmware code. The root cause is a vulnerability in the SMM module involving gEfiSmmCpuProtocol/EfiSmiServices that can corrupt SMM memory. Connected docs describe insecure firmware leading to unautho...
CVE-2025-4421 EfiSmiServices: gEfiSmmCpuProtocol, SMM memory corruption vulnerabilities in SMM module
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/productsecurity/home...
CVE-2024-55567
Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.01, 5.6 before 05.62.01, and 5.7 before 05.71.01. The SMM module has an SMM call out vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary...