Binarly Advisories

| Vulnerability Category | Count | CVSS Score | CWE |
|---|---|---|---|
| SMM Memory Corruption | 43 | 7.9 High | CWE-121, CWE-787 |
| PEI Memory Corruption | 3 | 7.9 High | CWE-123, CWE-121 |
| SMM Arbitrary Code Execution | 26 | 7.8 High | CWE-20, CWE-829, CWE-119 |
| DXE Memory Corruption | 41 | 7.7 High | CWE-121 |
| DXE Arbitrary Code Execution | 1 | 7.7 High | CWE-20 |
| SMM Memory Content Disclosure | 4 | 6.0 Medium | CWE-119, CWE-125 |
| Mitigation Failures | 2 | 6.0 Medium | CWE-693 |
| DXE Memory Content Disclosure | 112 | 5.2 Medium | CWE-125 |

[BRLY-2023-018] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.

BINARLY efiXplorer team

Intel firmware allows end-users to customize the logo shown on the display of a device during boot. BINARLY REsearch team has uncovered multiple critical vulnerabilities in the libraries used to parse image data formats and thus logos. This vulnerability poses a high-severity risk as it introduces an unexplored attack surface that can be exploited by malicious actors with administrative access to a device. Our analysis over a dataset of Intel firmware identified 42 unique Intel products affected by this issue, including devices running firmware developed by American Megatrends. Given the systemic industry-wide scope of this vulnerability, we will refer to it as LogoFAIL.

[BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.

BINARLY efiXplorer team

Lenovo firmware allows end-users to customize the logo displayed by a device during boot. BINARLY REsearch team has uncovered multiple critical vulnerabilities in the image parsing libraries used to parse customized boot logos. This vulnerability poses a high-severity risk as it introduces an unexplored attack surface that can be exploited by malicious actors with only write permissions over the EFI System Partition (ESP) of a device. Our analysis over a dataset of Lenovo firmware identified hundreds of Lenovo products affected by this issue, including devices running firmware developed by Insyde Software, American Megatrends International and Phoenix Technologies. Given the systemic industry-wide scope of this vulnerability, we will refer to it as LogoFAIL.

[BRLY-2022-041] The stack memory contents leak / information disclosure vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-040] The stack memory contents leak / information disclosure vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-039] SMRAM memory contents leak / information disclosure vulnerability in SMM driver (SMRAM read).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory contents leak / information disclosure vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help build a successful attack vector exploiting an SMM memory corruption vulnerability.

[BRLY-2022-038] Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2023-011] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in multiple webpages using language cookie value

BINARLY efiXplorer team

BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in multiple webpages that use the language cookie value, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-012] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages using lang local storage item

BINARLY efiXplorer team

BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages that use the lang local storage item, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-009] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ssl_fw_reset webpage using port GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ssl_fw_reset webpage that uses the port GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-010] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the servh_storage_create and servh_storage_add webpages using the hash property of the URL

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the servh_storage_create and servh_storage_add webpages that use the hash property of the URL, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. This attack works on IE11 and Microsoft Edge in Internet Explorer mode.

[BRLY-2023-001] Command injection vulnerability in Supermicro BMC IPMI firmware

BINARLY efiXplorer team

BINARLY team has discovered a command injection vulnerability in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to execute arbitrary code.

[BRLY-2023-007] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ip_ctrl_change webpage using index GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ip_ctrl_change webpage that uses the index GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-008] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the modify_nm_policy webpage using pdomain GET parameter

BINARLY efiXplorer team

BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the modify_nm_policy webpage that uses the pdomain GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2022-173] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-126] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-118] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-174] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2023-021] The Denial Of Service (DoS) vulnerability during PEI phase in EDK2 codebase

BINARLY efiXplorer team

The BINARLY efiXplorer team has identified a PEI-phase Denial of Service (DoS) vulnerability in the EDK2 codebase, which can be exploited by an attacker capable of modifying physical memory.

[BRLY-2022-101] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-147] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-123] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-148] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-150] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-155] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-156] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-158] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-160] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-165] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-169] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-159] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-121] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-100] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-119] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-122] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-124] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-127] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-129] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-146] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-144] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-070] OOB write vulnerability in SMI handler leads to arbitrary code execution in SMM.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an OOB write vulnerability that allows a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-087] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-054] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-055] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-065] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-125] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-131] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-145] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-099] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help build a successful attack vector based on exploiting a memory corruption vulnerability.

[BRLY-2022-042] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.

BINARLY efiXplorer team

The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.

[BRLY-2022-043] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.

BINARLY efiXplorer team

The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.

[BRLY-2022-044] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.

BINARLY efiXplorer team

The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.

[BRLY-2022-020] The stack buffer overflow vulnerability leads to arbitrary code execution.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-019] The stack buffer overflow vulnerability leads to arbitrary code execution.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-021] The stack buffer overflow vulnerability leads to arbitrary code execution.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-032] The stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-035] Stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-029] The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-036] The stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-034] Stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-030] The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-037] The stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-033] Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.

[BRLY-2022-031] The stack memory leak vulnerability in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to an NVRAM variable.

[BRLY-2022-001] Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-023] SMM memory corruption vulnerability in Software SMI handler

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-017] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-018] SMM memory leak vulnerability in SMM driver (SMRAM read).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help build a successful attack vector exploiting an SMM memory corruption vulnerability.

[BRLY-2022-022] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-024] SMM memory corruption vulnerability in SMM driver (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-025] SMM memory leak vulnerability in SMM driver (SMRAM read).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help build a successful attack vector exploiting an SMM memory corruption vulnerability.

[BRLY-2022-026] SMM memory corruption vulnerability in SMM driver (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-028] Absence or incomplete applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM.

BINARLY efiXplorer team

BINARLY efiXplorer team discovered that most enterprise vendors are affected by not correctly applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM (RSM instruction).

[BRLY-2022-013] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-003] SMM memory corruption vulnerability in SMM driver on Intel platforms.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-027] The stack buffer overflow vulnerability leads to arbitrary code execution during PEI phase on Intel platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase.

[BRLY-2022-012] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-015] The arbitrary code execution in DXE driver.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered the ability of arbitrary code execution in DXE driver.

[BRLY-2022-014] Arbitrary write vulnerability in PEI module leads to arbitrary code execution during PEI phase.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an arbitrary write vulnerability in a PEI module allowing a possible attacker to execute arbitrary code during the PEI phase.

[BRLY-2022-011] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-016] Stack overflow vulnerability in SMI handler.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability in an SMI handler on Intel platforms allowing a possible attacker to execute arbitrary code in SMM.

[BRLY-2022-009] The arbitrary write vulnerability leads to arbitrary code execution during PEI phase on Intel platform.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an arbitrary write vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during the PEI phase.

[BRLY-2021-047] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on an HP device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-010] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-050] SMM memory corruption vulnerability in SMM driver on Intel platforms

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-051] SMM memory corruption vulnerability in SMM driver on Intel platforms

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-053] The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code.

[BRLY-2021-014] SMM memory corruption vulnerability in SMM driver on Fujitsu device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-045] SMM callout vulnerability in USBRT SMM driver on Dell devices (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on Dell platforms, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-043] SMM arbitrary code execution in USBRT SMM driver on Dell devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

[BRLY-2021-046] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on an HP device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-004] SMM arbitrary code execution in USBRT SMM driver on Dell devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

[BRLY-2021-042] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-032] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

[BRLY-2021-033] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-041] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-037] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-038] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in the child SW SMI handler on multiple HP devices that allows heap data corruption.

[BRLY-2021-039] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

[BRLY-2021-040] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-036] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-034] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-035] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-017] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-010] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-009] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-012] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-005] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access UEFI DXE driver and execute arbitrary code.

[BRLY-2021-004] SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in multiple HP devices, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-006] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access UEFI DXE driver and execute arbitrary code.

[BRLY-2021-007] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access UEFI Runtime DXE application and execute arbitrary code.

[BRLY-2021-011] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-013] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-003] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a local privileged user to access UEFI Runtime DXE application and execute arbitrary code.

[BRLY-2021-030] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-015] SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-016] SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-029] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-028] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-027] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-026] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-025] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-024] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-023] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-022] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-020] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-019] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-018] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-008] SMM callout vulnerability in SMM driver on Fujitsu device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-031] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-021] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on BullSequana Edge server.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access UEFI DXE driver and execute arbitrary code.

[BRLY-2021-002] Lenovo system firmware has missing coverage with Boot Guard protected ranges (IBB) for UEFI modules

BINARLY efiXplorer team

BINARLY efiXplorer team identified that several Lenovo devices do not properly protect UEFI system firmware modules with Intel Boot Guard technology (missing Boot Guard IBB hash protection coverage), which allows an attacker with write access to the SPI flash storage (such as with physical access or by leveraging a BIOS write protection bypass vulnerability) to install a persistent backdoor/implant.

[BRLY-2021-001] SMM callout vulnerability on Lenovo ThinkPad laptops firmware (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in ThinkPad 13 2nd Gen, which allows a local privileged user to access the System Management Mode and execute arbitrary code.
