Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smm vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-52711
Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory...
2.4
CVSSv3
CVE-2020-8341
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). After resuming from S3 sleep mode in various versions of BIOS for ...
Lenovo Thinkpad T490 \\(20nx\\) Firmware
Lenovo Thinkpad T490 \\(20qx\\) Firmware
Lenovo Thinkpad T490 \\(20rx\\) Firmware
Lenovo Thinkpad T490s \\(20nx\\) Firmware
Lenovo Thinkpad T495 Drift Firmware
Lenovo Thinkpad T590 \\(20nx\\) Firmware
Lenovo Thinkpad X1 Carbon \\(20qx\\) Firmware
Lenovo Thinkpad X1 Yoga \\(20qx\\) Firmware
Lenovo Thinkpad X390 \\(20qx\\) Firmware
Lenovo Thinkpad X390 \\(20sx\\) Firmware
9.8
CVSSv3
CVE-2020-14032
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
Asrock Box-r1000 Firmware
3.3
CVSSv3
CVE-2019-6156
In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this provides sufficient protection, an additional layer of protection is provided by SPI Protected Range Registers (PRx). Lenovo was notified that after resuming from S3 sleep mode in vari...
Lenovo 510-15ikl Firmware -
Lenovo 510s-08ikl Firmware -
Lenovo Ideacentre 300-20ish Firmware -
Lenovo Ideacentre 300s-11ish Firmware -
Lenovo Ideacentre 510-15icb Firmware
Lenovo Ideacentre 510a-15icb Firmware
Lenovo Ideacentre 510s-08ish Firmware -
Lenovo Ideacentre 620s-03ikl Firmware -
Lenovo Ideacentre 700 Firmware
Lenovo Ideacentre 720-18icb Firmware
Lenovo Legion C530-19icb Firmware
Lenovo Legion C730-19ico Firmware
Lenovo Legion T530-28icb Firmware
Lenovo Legion T730-28ico Firmware
Lenovo Legion Y520t Z370 Firmware -
Lenovo Legion Y720 Tower Firmware -
Lenovo Legion Y920 Tower Firmware -
Lenovo Lenovo 63 Firmware -
Lenovo H50-30g Desktop Firmware -
Lenovo M4500 Firmware -
Lenovo M4500 Id Firmware -
Lenovo M4550 Id Firmware -
9.8
CVSSv3
CVE-2022-29264
An issue exists in coreboot 4.13 up to and including 4.16. On APs, arbitrary code execution in SMM may occur.
Coreboot Coreboot
7
CVSSv3
CVE-2020-12951
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
Amd Epyc 7003 Firmware
Amd Epyc 7002 Firmware
Amd Epyc 7001 Firmware
Amd Epyc 72f3 Firmware
Amd Epyc 7313 Firmware
Amd Epyc 7313p Firmware
Amd Epyc 7343 Firmware
Amd Epyc 73f3 Firmware
Amd Epyc 7413 Firmware
Amd Epyc 7443 Firmware
Amd Epyc 7443p Firmware
Amd Epyc 7453 Firmware
Amd Epyc 74f3 Firmware
Amd Epyc 7513 Firmware
Amd Epyc 7543 Firmware
Amd Epyc 7543p Firmware
Amd Epyc 75f3 Firmware
Amd Epyc 7643 Firmware
Amd Epyc 7663 Firmware
Amd Epyc 7713 Firmware
Amd Epyc 7713p Firmware
Amd Epyc 7763 Firmware
8.2
CVSSv3
CVE-2016-5729
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
Lenovo Bios Efi Driver -
6.7
CVSSv3
CVE-2019-0152
Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Intel Xeon Platinum 8253 Firmware -
Intel Xeon Platinum 8256 Firmware -
Intel Xeon Platinum 8260 Firmware -
Intel Xeon Platinum 8276 Firmware -
Intel Xeon Platinum 8276m Firmware -
Intel Xeon Platinum 8276l Firmware -
Intel Xeon Platinum 8280l Firmware -
Intel Xeon Platinum 8260l Firmware -
Intel Xeon Platinum 8280m Firmware -
Intel Xeon Platinum 8260m Firmware -
Intel Xeon Platinum 8280 Firmware -
Intel Xeon Platinum 8260y Firmware -
Intel Xeon Platinum 8268 Firmware -
Intel Xeon Platinum 8270 Firmware -
Intel Xeon Platinum 8274 Firmware -
Intel Xeon Platinum 8284 Firmware -
Intel Xeon Platinum 9242 Firmware -
Intel Xeon Platinum 9282 Firmware -
Intel Xeon Platinum 8153 Firmware -
Intel Xeon Platinum 8156 Firmware -
Intel Xeon Platinum 8158 Firmware -
Intel Xeon Platinum 8176 Firmware -
7.8
CVSSv3
CVE-2023-20563
Insufficient protections in System Management Mode (SMM) code may allow an malicious user to potentially enable escalation of privilege via local access.
Amd Ryzen 3 5100 Firmware
Amd Ryzen 3 5300g Firmware
Amd Ryzen 3 5300ge Firmware
Amd Ryzen 5 5500 Firmware
Amd Ryzen 5 5600g Firmware
Amd Ryzen 5 5600ge Firmware
Amd Ryzen 7 5700 Firmware
Amd Ryzen 7 5700g Firmware
Amd Ryzen 7 5700ge Firmware
Amd Ryzen 5 7500f Firmware
Amd Ryzen 5 7600 Firmware
Amd Ryzen 5 7600x Firmware
Amd Ryzen 7 7700 Firmware
Amd Ryzen 7 7700x Firmware
Amd Ryzen 7 7800x3d Firmware
Amd Ryzen 9 7900 Firmware
Amd Ryzen 9 7900x Firmware
Amd Ryzen 9 7900x3d Firmware
Amd Ryzen 9 7950x Firmware
Amd Ryzen 9 7950x3d Firmware
Amd Ryzen Pro 3900 Firmware
Amd Ryzen Pro 7645 Firmware
7.8
CVSSv3
CVE-2023-20565
Insufficient protections in System Management Mode (SMM) code may allow an malicious user to potentially enable escalation of privilege via local access.
Amd Ryzen 3 5100 Firmware
Amd Ryzen 3 5300g Firmware
Amd Ryzen 3 5300ge Firmware
Amd Ryzen 5 5500 Firmware
Amd Ryzen 5 5600g Firmware
Amd Ryzen 5 5600ge Firmware
Amd Ryzen 7 5700 Firmware
Amd Ryzen 7 5700g Firmware
Amd Ryzen 7 5700ge Firmware
Amd Ryzen 5 7500f Firmware
Amd Ryzen 5 7600 Firmware
Amd Ryzen 5 7600x Firmware
Amd Ryzen 7 7700 Firmware
Amd Ryzen 7 7700x Firmware
Amd Ryzen 7 7800x3d Firmware
Amd Ryzen 9 7900 Firmware
Amd Ryzen 9 7900x Firmware
Amd Ryzen 9 7900x3d Firmware
Amd Ryzen 9 7950x Firmware
Amd Ryzen 9 7950x3d Firmware
Amd Ryzen Pro 3900 Firmware
Amd Ryzen Pro 7645 Firmware
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »