Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
8.2
CVSSv3
CVE-2022-35893
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an malicious user to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges ...
Insyde Insydeh2o
NA
CVE-2023-20587
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
9.8
CVSSv3
CVE-2021-3897
An authentication bypass vulnerability exists in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not aff...
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
6
CVSSv3
CVE-2022-35896
An issue SMM memory leak vulnerability in SMM driver (SMRAM exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to informat...
Insyde Insydeh2o
6.3
CVSSv3
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
NA
CVE-2023-52547
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS malicious user to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
NA
CVE-2023-52548
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS malicious user to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM
7.8
CVSSv3
CVE-2021-26316
Failure to validate the communication buffer and communication service in the BIOS may allow an malicious user to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
Amd Epyc 7h12 Firmware
Amd Epyc 7f72 Firmware
Amd Epyc 7f52 Firmware
Amd Epyc 7f32 Firmware
Amd Epyc 7742 Firmware
Amd Epyc 7702p Firmware
Amd Epyc 7702 Firmware
Amd Epyc 7662 Firmware
Amd Epyc 7642 Firmware
Amd Epyc 7552 Firmware
Amd Epyc 7542 Firmware
Amd Epyc 7532 Firmware
Amd Epyc 7502p Firmware
Amd Epyc 7502 Firmware
Amd Epyc 7452 Firmware
Amd Epyc 7402 Firmware
Amd Epyc 7402p Firmware
Amd Epyc 7352 Firmware
Amd Epyc 7302p Firmware
Amd Epyc 7302 Firmware
Amd Epyc 7282 Firmware
Amd Epyc 7272 Firmware
NA
CVE-2023-52712
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory...
7
CVSSv3
CVE-2022-32475
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue w...
Insyde Insydeh2o
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »