Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36338
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer ...
Insyde Insydeh2o
534
VMScore
CVE-2018-16090
In System Management Module (SMM) versions before 1.06, the SMM certificate creation and parsing logic is vulnerable to post-authentication command injection.
Lenovo System Management Module Firmware
605
VMScore
CVE-2018-16094
In System Management Module (SMM) versions before 1.06, an internal SMM function that retrieves configuration settings is prone to a buffer overflow.
Lenovo System Management Module Firmware
NA
CVE-2022-35408
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in ...
Insyde Insydeh2o
NA
CVE-2023-20555
Insufficient input validation in CpmDisplayFeatureSmm may allow an malicious user to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.
Amd Ryzen 3 3300 Firmware
Amd Ryzen 3 3300x Firmware
Amd Ryzen 5 3600 Firmware
Amd Ryzen 5 3600x Firmware
Amd Ryzen 7 3700 Firmware
Amd Ryzen 7 3700x Firmware
Amd Ryzen 9 3800x Firmware
Amd Ryzen 9 3850x Firmware
Amd Ryzen 9 5950x Firmware
Amd Ryzen 9 5900x Firmware
Amd Ryzen 9 5900 Firmware
Amd Ryzen 9 Pro 5945 Firmware
Amd Ryzen 7 5800x3d Firmware
Amd Ryzen 7 5800x Firmware
Amd Ryzen 7 5800 Firmware
Amd Ryzen 7 5700x Firmware
Amd Ryzen 7 Pro 5845 Firmware
Amd Ryzen 5 5600x3d Firmware
Amd Ryzen 5 5600x Firmware
Amd Ryzen 5 5600 Firmware
Amd Ryzen 5 Pro 5645 Firmware
Amd Ryzen 7 5700 Firmware
383
VMScore
CVE-2018-16096
In System Management Module (SMM) versions before 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Lenovo System Management Module Firmware
NA
CVE-2021-46791
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service.
Amd Milanpi Firmware
828
VMScore
CVE-2018-9083
In System Management Module (SMM) versions before 1.06, the SMM contains weak default root credentials which could be used to log in to the device OS -- if the attacker manages to enable SSH or Telnet connections via some other vulnerability.
Lenovo System Management Module Firmware
NA
CVE-2022-35893
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges ...
Insyde Insydeh2o
668
VMScore
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »