Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2021-45971
An issue exists in SdHostDriver in Insyde InsydeH2O with kernel 5.1 prior to 05.16.25, 5.2 prior to 05.26.25, 5.3 prior to 05.35.25, 5.4 prior to 05.43.25, and 5.5 prior to 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler ...
Insyde Insydeh2o
641
VMScore
CVE-2021-42060
An issue exists in Insyde InsydeH2O Kernel 5.0 up to and including 05.08.41, Kernel 5.1 up to and including 05.16.41, Kernel 5.2 prior to 05.23.22, and Kernel 5.3 prior to 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an malicious user to hijack execution flow of ...
Insyde Insydeh2o
409
VMScore
CVE-2021-42113
An issue exists in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 prior to 05.14.28, Kernel 5.2 prior to 05.24.28, and Kernel 5.3 prior to 05.32.25. An SMM callout vulnerability allows an malicious user to hijack execution flow of code running in System Management ...
Insyde Insydeh2o
641
VMScore
CVE-2020-12890
Improper handling of pointers in the System Management Mode (SMM) handling code may allow for a privileged attacker with physical or administrative access to potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by ...
Amd Amd Generic Encapsulated Software Architecture -
383
VMScore
CVE-2018-16092
In System Management Module (SMM) versions before 1.06, the FFDC feature includes the collection of SMM system files containing sensitive information; notably, the SMM user account credentials and the system shadow file.
Lenovo System Management Module Firmware
756
VMScore
CVE-2018-16089
In System Management Module (SMM) versions before 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.
Lenovo System Management Module Firmware
NA
CVE-2023-39283
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 up to and including 5.5 allows malicious users to send arbitrary data to SMM which could lead to privilege escalation.
Insyde Insydeh2o
Insyde Insydeh2o 5.5.05.53.22
Insyde Insydeh2o 5.6
Insyde Insydeh2o 5.6.05.60.22
NA
CVE-2023-2992
An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
605
VMScore
CVE-2018-16091
In System Management Module (SMM) versions before 1.06, the SMM certificate creation and parsing logic is vulnerable to several buffer overflows.
Lenovo System Management Module Firmware
383
VMScore
CVE-2018-16095
In System Management Module (SMM) versions before 1.06, the SMM records hashed passwords to a debug log when user authentication fails.
Lenovo System Management Module Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »