Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2022-36338
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer ...
Insyde Insydeh2o
7.5
CVSSv3
CVE-2018-16090
In System Management Module (SMM) versions before 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
Lenovo System Management Module Firmware
8.1
CVSSv3
CVE-2018-16094
In System Management Module (SMM) versions before 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
Lenovo System Management Module Firmware
8.2
CVSSv3
CVE-2022-35408
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in ...
Insyde Insydeh2o
7.8
CVSSv3
CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an malicious user to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
Amd Ryzen 3 3300 Firmware
Amd Ryzen 3 3300x Firmware
Amd Ryzen 5 3600 Firmware
Amd Ryzen 5 3600x Firmware
Amd Ryzen 7 3700 Firmware
Amd Ryzen 7 3700x Firmware
Amd Ryzen 9 3800x Firmware
Amd Ryzen 9 3850x Firmware
Amd Ryzen 9 5950x Firmware
Amd Ryzen 9 5900x Firmware
Amd Ryzen 9 5900 Firmware
Amd Ryzen 9 Pro 5945 Firmware
Amd Ryzen 7 5800x3d Firmware
Amd Ryzen 7 5800x Firmware
Amd Ryzen 7 5800 Firmware
Amd Ryzen 7 5700x Firmware
Amd Ryzen 7 Pro 5845 Firmware
Amd Ryzen 5 5600x3d Firmware
Amd Ryzen 5 5600x Firmware
Amd Ryzen 5 5600 Firmware
Amd Ryzen 5 Pro 5645 Firmware
Amd Ryzen 7 5700 Firmware
6.1
CVSSv3
CVE-2018-16096
In System Management Module (SMM) versions before 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Lenovo System Management Module Firmware
5.5
CVSSv3
CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
Amd Milanpi Firmware
8.1
CVSSv3
CVE-2018-9083
In System Management Module (SMM) versions before 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
Lenovo System Management Module Firmware
9.8
CVSSv3
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
8.8
CVSSv3
CVE-2021-39298
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
Hp Z1 Entry Tower G5 Workstation Firmware
Hp Z1 Entry Tower G6 Workstation Firmware
Hp Z1 G8 Tower Desktop Pc Firmware
Hp Z4 G4 Workstation \\(core-x\\) Firmware
Hp Z4 G4 Workstation \\(xeon W\\) Firmware
Hp Z6 G4 Workstation Firmware
Hp Z8 G4 Workstation Firmware
Hp Engage Flex Mini Retail System Firmware
Hp Mp9 G4 Retail System Firmware
Hp Elite Dragonfly Firmware
Hp Elite Dragonfly G2 Firmware
Hp Elite Dragonfly Max Firmware
Hp Elite X2 1013 G3 Firmware
Hp Elite X2 G4 Firmware
Hp Elite X2 G8 Tablet Firmware
Hp Elitebook 1050 G1 Firmware
Hp Elitebook 830 G5 Firmware
Hp Elitebook 830 G6 Firmware
Hp Elitebook 830 G7 Firmware
Hp Elitebook 830 G8 Firmware
Hp Elitebook 836 G5 Firmware
Hp Elitebook 836 G6 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »