CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42442 – Runtime Service Access outside SMRAM
https://notcve.org/view.php?id=CVE-2024-42442
12 Nov 2024 — APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024004.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33657 – Smm Callout in SmmComputrace Module
https://notcve.org/view.php?id=CVE-2024-33657
21 Aug 2024 — This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33656 – Memory Leak in SmmComuptrace Module
https://notcve.org/view.php?id=CVE-2024-33656
21 Aug 2024 — The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/2024/AMI-SA-2024003.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37297 – heap memory overflow
https://notcve.org/view.php?id=CVE-2023-37297
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupción de la memoria de la pila a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o ... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37296 – Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-37296
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupción de la memoria de la pila a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37295 – Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-37295
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupción de la memoria de la pila a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o ... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37294 – Heap-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-37294
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupción de la memoria de la pila a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencialidad, integridad y/o ... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-37293 – stack-based buffer overflow
https://notcve.org/view.php?id=CVE-2023-37293
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar un desbordamiento de búfer en la región stack de la memoria a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidenc... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-34333 – Untrusted Pointer Dereference
https://notcve.org/view.php?id=CVE-2023-34333
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que un puntero que no es de confianza elimine la referencia a través de una red local. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidencia... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3043 – Stack-based Buffer Overflow BMC
https://notcve.org/view.php?id=CVE-2023-3043
09 Jan 2024 — AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar un desbordamiento de búfer en la región stack de la memoria a través de una red adyacente. Una explotación exitosa de esta vulnerabilidad puede conducir a una pérdida de confidenc... • https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •