System Management Module Firmware Security Vulnerabilities and Issues — System Management Module Firmware CVE List

Lucene search

LenovoSystem Management Module Firmware

4 matches found

CVE•added 2018/11/27 2:29 p.m.•39 views

CVE-2018-16094

In System Management Module (SMM) versions prior to 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.

8.1CVSS8.2AI score0.00543EPSS

CVE•added 2018/11/27 2:29 p.m.•38 views

CVE-2018-16089

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

8.5CVSS8AI score0.0063EPSS

CVE•added 2018/11/27 2:29 p.m.•38 views

CVE-2018-16092

In System Management Module (SMM) versions prior to 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.

8.1CVSS8AI score0.0033EPSS

CVE•added 2018/11/27 2:29 p.m.•36 views

CVE-2018-16091

In System Management Module (SMM) versions prior to 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.

8.1CVSS8.2AI score0.00378EPSS