
20 matches found

F5 Networks
added 2 days ago · 3 views

K000161517: Intel UEFI firmware vulnerability CVE-2025-20105

Security Advisory Description: Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may...

CVSS 8.7 · AI score 6 · EPSS 0.00045
Exploits: 0 · Affected Software: 2
RedhatCVE
added last week · 5 views

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 5.6 · AI score 5.3 · EPSS 0.00017
Exploits: 0 · References: 1
NVD
added 2026/05/12 5:16 p.m. · 7 views

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 5.6 · EPSS 0.00017
Exploits: 0 · References: 1
F5 Networks
added 2026/04/20 9:08 p.m. · 10 views

K000160902: Intel UEFI vulnerability CVE-2025-20027

Security Advisory Description: Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may...

CVSS 7.1 · AI score 5.7 · EPSS 0.00039
Exploits: 0 · Affected Software: 13
Tenable Nessus
added 2026/04/20 12:00 a.m. · 6 views

F5 Networks BIG-IP : Intel UEFI vulnerability (K000160902)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000160902 advisory. Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of...

CVSS 7.1 · AI score 5.8 · EPSS 0.00039
Exploits: 0 · References: 2
ATTACKERKB
added 2026/03/10 10:31 p.m. · 1 view

CVE-2025-20096

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when...

CVSS 5.9 · AI score 5.7 · EPSS 0.00012
Exploits: 0 · References: 2
Intel
added 2026/03/10 12:00 a.m. · 5 views

2026.1 IPU, UEFI Reference Firmware Advisory

Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-20096 Description: Improper input validation in the UEFI...

CVSS 5.9 · AI score 5.7 · EPSS 0.00012
Exploits: 0
NVD
added 2025/10/14 7:15 p.m. · 1 view

CVE-2025-33182

NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of this vulnerability might lead to data tampering, denial of service...

CVSS 7.6 · EPSS 0.00064
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-27107

Malware in sbrugna...

CVSS 7.5 · AI score 7.5 · EPSS 0.00066
Exploits: 0 · References: 5
CVE
added 2025/07/17 7:59 p.m. · 19 views

CVE-2025-23270

CVE-2025-23270 (NVIDIA Jetson Linux) describes a side-channel vulnerability in UEFI Management mode that can be exploited by an unprivileged local attacker to cause exposure of sensitive information, with potential for code execution, data tampering, denial of service, and information disclosure....

CVSS 7.1 · AI score 6.6 · EPSS 0.00073
Exploits: 0 · References: 1
CERT
added 2025/06/10 12:00 a.m. · 12 views

A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable

Overview UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability stems from improper handling of a runtime NVRAM variable that enables an arbitrary write...

CVSS 8.2 · AI score 8.6 · EPSS 0.00072
Exploits: 1 · References: 6
RedhatCVE
added 2025/05/23 10:33 a.m. · 6 views

CVE-2024-45105

An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code...

CVSS 6.7 · AI score 7.4 · EPSS 0.0008
Exploits: 0
Positive Technologies
added 2025/05/05 12:00 a.m. · 2 views

PT-2025-19327 · Intel · Intel UEFI

Name of the Vulnerable Software and Affected Versions: Intel UEFI (affected versions not specified). Description: A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a...

CVSS 7.8 · AI score 7
Exploits: 0 · References: 4
F5 Networks
added 2024/10/18 8:50 p.m. · 17 views

K000141505: Intel UEFI vulnerability CVE-2024-21829

Security Advisory Description: Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2024-21829. Impact: Attackers may exploit this vulnerability to enable privilege escalati...

CVSS 8.7 · AI score 7 · EPSS 0.0007
Exploits: 0 · Affected Software: 2
Malwarebytes
added 2024/06/24 7:07 a.m. · 17 views

A week in security (June 17 – June 23)

Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns Almost everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,...

AI score 7.6
Exploits: 0
RedHat Linux
added 2024/04/30 9:52 a.m. · 2 views

edk2: Out of Bounds read when handling a ND Redirect message with truncated options

A security loophole involving an out-of-bounds read was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted Neighbor Discovery Redirect...

CVSS 6.5 · AI score 5.8 · EPSS 0.00106
Exploits: 1 · References: 6
Positive Technologies
added 2023/08/18 12:00 a.m. · 2 views

PT-2023-21149 · Insyde · InsydeH2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel 5.0 through 5.5. Description: An issue was discovered in Insyde InsydeH2O where UEFI implementations do not correctly protect and validate information contained in the MeSetup UEFI variable. On some systems, this...

CVSS 5.5 · AI score 5.2 · EPSS 0.00042
Exploits: 0 · References: 6
OSV
added 2022/02/03 1:15 a.m. · 2 views

CVE-2020-5953

A vulnerability exists in System Management Interrupt (SWSMI) handler of InsydeH2O UEFI Firmware code located in SWSMI handler that dereferences gRT (EFI_RUNTIME_SERVICES) pointer to call a GetVariable service, which is located outside of SMRAM. This can result in code execution in SMM escalating...

CVSS 7.5 · AI score 6.2
Exploits: 0 · References: 5
CNVD
added 2020/09/03 12:00 a.m. · 6 views

Dell Inspiron 7352 BIOS Boot Service Override Vulnerability

Dell Inspiron 7352 BIOS is a system update driver for Dell. Dell Inspiron 7352 BIOS versions prior to A12 are vulnerable to a UEFI BIOS boot service override vulnerability, which could allow an attacker to override the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management...

CVSS 7.2 · AI score 7.6 · EPSS 0.00131
Exploits: 0 · References: 1
Cvelist
added 2020/09/02 8:55 p.m. · 11 views

CVE-2020-5376

Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM)...

CVSS 6.8 · AI score 6.8 · EPSS 0.00126
Exploits: 0 · References: 1