CVE-2021-33627

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate function of the EFISMMCOMMUNICATIONPROTOC...

EUVD-2025-21137

Malicious code in bioql PyPI...

EUVD-2025-21141

Malicious code in bioql PyPI...

EUVD-2022-38769

Malicious code in bioql PyPI...

EUVD-2025-21142

Malicious code in bioql PyPI...

EUVD-2022-52822

Malicious code in bioql PyPI...

EUVD-2022-39157

Malicious code in bioql PyPI...

CVE-2025-7026

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values e.g., '$DB$' or '2DB$', the function performs arbitrary...

CVE-2025-7028

A vulnerability in the Software SMI handler SwSmiInputValue 0x20 allows a local attacker to supply a crafted pointer FuncBlock through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo that...

CVE-2025-7027

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable SetupXtuBufferAddress, while the write content is read from a...

CVE-2025-7029

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control the RBX register, which is used to derive pointers OcHeader, OcData passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory...

CVE-2025-7027

A vulnerability in the Software SMI handler SwSmiInputValue 0xB2 allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable SetupXtuBufferAddress, while the write content is read from a...

CVE-2025-7028

A vulnerability in the Software SMI handler SwSmiInputValue 0x20 allows a local attacker to supply a crafted pointer FuncBlock through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo that...

CVE-2025-7028 SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer

A vulnerability in the Software SMI handler SwSmiInputValue 0x20 allows a local attacker to supply a crafted pointer FuncBlock through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo that...

CVE-2025-7028 SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer

A vulnerability in the Software SMI handler SwSmiInputValue 0x20 allows a local attacker to supply a crafted pointer FuncBlock through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo that...

CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver...

CVE-2022-33906

DMA transactions which are targeted at input buffers used for the FwBlockServiceSmm software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the FwBlockServiceSmm driver could cause...

PT-2025-29263

Name of the Vulnerable Software and Affected Versions Gigabyte motherboards affected versions not specified Intel® H110 Intel® Z170, H170, B150, Q170 Intel® Z270, H270, B250, Q270 Intel® Z370, B365 Intel® Z390, H310, B360, Q370, C246 Intel® Z490, H470, H410, W480 Intel® Z590, B560, H510, Q570...

PT-2025-29260

Name of the Vulnerable Software and Affected Versions Gigabyte motherboards affected versions not specified Intel® H110 Intel® Z170, H170, B150, Q170 Intel® Z270, H270, B250, Q270 Intel® Z370, B365 Intel® Z390, H310, B360, Q370, C246 Intel® Z490, H470, H410, W480 Intel® Z590, B560, H510, Q570...

Siemens RUGGEDCOM APE1808

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...