Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-3849
An authentication bypass vulnerability exists in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not affected.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
NA
CVE-2023-20587
Improper Access Control in System Management Mode (SMM) may allow an attacker access to the SPI flash potentially leading to arbitrary code execution.
6
CVSSv3
CVE-2022-35896
An issue SMM memory leak vulnerability in SMM driver (SMRAM exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to informat...
Insyde Insydeh2o
9.8
CVSSv3
CVE-2021-3897
An authentication bypass vulnerability exists in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated malicious user to execute commands on the SMM and FPC2. SMM2 is not aff...
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Ibm Nextscale Fan Power Controller Firmware
6.3
CVSSv3
CVE-2023-2993
A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute.
Lenovo Nextscale N1200 Enclosure Firmware
Lenovo Thinkagile Cp-cb-10 Firmware
Lenovo Thinkagile Cp-cb-10e Firmware
Lenovo Thinkagile Hx Enclosure Certified Node Firmware
Lenovo Thinkagile Vx Enclosure Firmware
Lenovo Thinksystem D2 Enclosure Firmware
Lenovo Thinksystem Da240 Enclosure Firmware
Lenovo Thinksystem Dw612 Enclosure Firmware
NA
CVE-2023-52548
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS malicious user to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM
NA
CVE-2023-52547
Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS malicious user to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
7.8
CVSSv3
CVE-2021-26316
Failure to validate the communication buffer and communication service in the BIOS may allow an malicious user to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
Amd Epyc 7h12 Firmware
Amd Epyc 7f72 Firmware
Amd Epyc 7f52 Firmware
Amd Epyc 7f32 Firmware
Amd Epyc 7742 Firmware
Amd Epyc 7702p Firmware
Amd Epyc 7702 Firmware
Amd Epyc 7662 Firmware
Amd Epyc 7642 Firmware
Amd Epyc 7552 Firmware
Amd Epyc 7542 Firmware
Amd Epyc 7532 Firmware
Amd Epyc 7502p Firmware
Amd Epyc 7502 Firmware
Amd Epyc 7452 Firmware
Amd Epyc 7402 Firmware
Amd Epyc 7402p Firmware
Amd Epyc 7352 Firmware
Amd Epyc 7302p Firmware
Amd Epyc 7302 Firmware
Amd Epyc 7282 Firmware
Amd Epyc 7272 Firmware
7
CVSSv3
CVE-2022-32475
An issue exists in Insyde InsydeH2O with kernel 5.0 up to and including 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue w...
Insyde Insydeh2o
NA
CVE-2023-52712
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »