Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2021-43615
An issue exists in HddPassword in Insyde InsydeH2O with kernel 5.1 prior to 05.16.23, 5.2 prior to 05.26.23, 5.3 prior to 05.35.23, 5.4 prior to 05.43.22, and 5.5 prior to 05.51.22. An SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data...
Insyde Insydeh2o
7.5
CVSSv3
CVE-2021-43522
An issue exists in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue ...
Insyde Insydeh2o
8.2
CVSSv3
CVE-2022-24069
An issue exists in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 prior to 05.08.41, 5.1 prior to 05.16.29, 5.2 prior to 05.26.29, 5.3 prior to 05.35.29, 5.4 prior to 05.43.29, and 5.5 prior to 05.51.29. An SMM callout vulnerability allows an malicious user to hijack the executio...
Insyde Insydeh2o
6.7
CVSSv3
CVE-2020-12890
Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by ...
Amd Amd Generic Encapsulated Software Architecture -
8.1
CVSSv3
CVE-2018-16092
In System Management Module (SMM) versions before 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
Lenovo System Management Module Firmware
7.5
CVSSv3
CVE-2018-16089
In System Management Module (SMM) versions before 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Lenovo System Management Module Firmware
7.8
CVSSv3
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to send arbitrary data to SMM which could lead to privilege escalation.
Insyde Insydeh2o
Insyde Insydeh2o 5.5.05.53.22
Insyde Insydeh2o 5.6
Insyde Insydeh2o 5.6.05.60.22
7.5
CVSSv3
CVE-2023-2992
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
8.1
CVSSv3
CVE-2018-16091
In System Management Module (SMM) versions before 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
Lenovo System Management Module Firmware
5.9
CVSSv3
CVE-2018-16095
In System Management Module (SMM) versions before 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
Lenovo System Management Module Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »