CVSS: 10.0EPSS: 0%CPEs: 305EXPL: 0CVE-2023-39281
https://notcve.org/view.php?id=CVE-2023-39281
01 Nov 2023 — A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Una vulnerabilidad de desbordamiento del búfer de pila descubierta en AsfSecureBootDxe en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a los atacantes ejecutar código arbitrario durante la fase DXE. • https://www.insyde.com/security-pledge • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 6%CPEs: 145EXPL: 2CVE-2023-20593 – hw: amd: Cross-Process Information Leak
https://notcve.org/view.php?id=CVE-2023-20593
24 Jul 2023 — An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. A flaw was found in hw, in “Zen 2” CPUs. This issue may allow an attacker to access sensitive information under specific microarchitectural circumstances. Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensiti... • https://github.com/sbaresearch/stop-zenbleed-win • CWE-209: Generation of Error Message Containing Sensitive Information CWE-1239: Improper Zeroization of Hardware Register •
CVSS: 4.7EPSS: 0%CPEs: 340EXPL: 0CVE-2022-27672 – kernel: AMD: Cross-Thread Return Address Predictions
https://notcve.org/view.php?id=CVE-2022-27672
14 Feb 2023 — When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. When SMT is enabled, certain AMD processors may speculatively execute instructions using a targ... • https://security.gentoo.org/glsa/202402-07 •