86 matches found

RedhatCVE
added 2026/02/16 7:29 p.m. · 2 views

CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...

CVSS 4.6 · AI score 5.8 · EPSS 0.00006
Exploits: 0 · References: 1

NVD
added 2026/02/10 8:16 p.m. · 4 views

CVE-2024-36355

Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 sleep wake up, potentially resulting in arbitrary code execution...

CVSS 7 · EPSS 0.00007
Exploits: 0 · References: 2

Vulnrichment
added 2026/02/10 7:24 p.m. · 2 views

CVE-2024-36310

Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss of confidentiality or integrity...

CVSS 4.6 · AI score 5.7 · EPSS 0.00006
Exploits: 0 · References: 3

Positive Technologies
added 2026/02/10 12:0 a.m. · 3 views

PT-2026-7441

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A flaw exists in input validation within the System Management Mode (SMM) communications buffer. This could allow a user with elevated privileges to read from or write to memory outside of designated...

CVSS 4.6 · AI score 5.4 · EPSS 0.00006
Exploits: 0 · References: 5

RedhatCVE
added 2026/01/09 11:27 a.m. · 1 views

CVE-2021-33626

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code executio...

CVSS 7.8 · AI score 7.5 · EPSS 0.00078
Exploits: 0 · References: 1

Vulnrichment
added 2025/12/12 12:28 a.m. · 3 views

CVE-2025-10451 H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...

CVSS 8.2 · AI score 7.7 · EPSS 0.0002
Exploits: 0 · References: 1

CVE
added 2025/12/12 12:28 a.m. · 10 views

CVE-2025-10451

CVE-2025-10451 affects Insyde InsydeH2O (EFI/UEFI) with an unchecked output buffer that can enable arbitrary code execution in System Management Mode (SMM) and may cause SMM memory corruption. The CVE is described as a H19Int15CallbackSmm memory-corruption vulnerability in combined DXE/SMM (SMRAM...

CVSS 8.2 · AI score 7.7 · EPSS 0.0002
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-21138

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 9.2 · EPSS 0.00081
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-24532

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00026
Exploits: 0 · References: 1

CVE
added 2025/09/09 2:0 p.m. · 6 views

CVE-2025-33045

AMI AptioV BIOS contains BIOS-level vulnerabilities enabling a privileged local attacker to perform a write-what-where operation and expose sensitive information, potentially leading to information disclosure and arbitrary data writes with impact to confidentiality, integrity, and availability. S...

CVSS 8.2 · AI score 6.1 · EPSS 0.00024
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/13 1:46 a.m. · 4 views

CVE-2025-4277 Tcg2Smm: improper input validation may lead to arbitrary code execution

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level...

CVSS 7.5 · EPSS 0.00026
Exploits: 0 · References: 1

CVE
added 2025/08/13 1:46 a.m. · 12 views

CVE-2025-4277

CVE-2025-4277 is described across multiple sources as a vulnerability in InsydeH2O firmware (Tcg2Smm) that can write arbitrary memory inside SMRAM and execute arbitrary code at the SMM level. The root cause indicated in CVE records is improper input handling/execution flow that enables arbitrary ...

CVSS 7.5 · AI score 8 · EPSS 0.00026
Exploits: 0 · References: 1

CNNVD
added 2025/08/13 12:0 a.m. · 1 views

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O that originates from the ability to write to arbitrary memory in SMRAM and execute arbitrary code at th...

CVSS 7.5 · AI score 7.6 · EPSS 0.00026
Exploits: 0 · References: 1

Positive Technologies
added 2025/08/13 12:0 a.m. · 2 views

PT-2025-32957 · Unknown · Usbcoredxe

Name of the Vulnerable Software and Affected Versions: UsbCoreDxe, affected versions not specified. Description: UsbCoreDxe contains a flaw that allows writing to arbitrary memory locations within the System Management RAM (SMRAM). Successful exploitation of this issue can lead to arbitrary code...

CVSS 7.5 · AI score 6.9 · EPSS 0.00026
Exploits: 0 · References: 6

CNNVD
added 2025/08/13 12:0 a.m. · 1 views

InsydeH2O Security Vulnerability

InsydeH2O is a customizable firmware codebase from China's Insyde. A security vulnerability exists in InsydeH2O, which can be exploited to write to arbitrary memory in SMRAM and execute arbitrary code at the SMM level...

CVSS 7.5 · AI score 7.7 · EPSS 0.00026
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/13 4:6 p.m. · 3 views

CVE-2025-7028

A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that...

CVSS 7.8 · AI score 7.1 · EPSS 0.00081
Exploits: 0 · References: 1

Cvelist
added 2025/07/11 3:27 p.m. · 8 views

CVE-2025-7026 SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., '$DB$' or '2DB$'), the function performs arbitrary...

EPSS 0.00096
Exploits: 0 · References: 3

Cvelist
added 2025/07/11 3:26 p.m. · 6 views

CVE-2025-7028 SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer

A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) that...

EPSS 0.00081
Exploits: 0 · References: 3

CVE
added 2025/07/11 3:26 p.m. · 27 views

CVE-2025-7028

CVE-2025-7028 is a Gigabyte UEFI firmware vulnerability affecting the Software SMI handler. An attacker can supply a crafted pointer via RBX/RCX (FuncBlock) that is passed unchecked into flash-management calls (ReadFlash, WriteFlash, EraseFlash, GetFlashInfo), which dereference the pointer and it...

CVSS 7.8 · AI score 6.5 · EPSS 0.00081
Exploits: 0 · References: 4

CVE
added 2025/07/11 3:24 p.m. · 57 views

CVE-2025-7027

Gigabyte UEFI SMM vulnerabilities (CVE-2025-7027) allow a local attacker to control both read and write addresses in SMRAM via the SwSmiInputValue 0xB2 handling, using an unvalidated UEFI NVRAM pointer (SetupXtuBufferAddress) and an attacker-controlled RBX-based pointer to perform arbitr...

CVSS 8.2 · AI score 6.8 · EPSS 0.00096
Exploits: 0 · References: 4