Binarly Advisories

REsearch

Binarly Advisories

[BRLY-2021-032] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

Read more

[BRLY-2021-041] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-033] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-034] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-036] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-037] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-038] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in the child SW SMI handler on multiple HP devices that allows heap data corruption.

Read more

[BRLY-2021-039] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices that allow corrupt heap metadata.

Read more

[BRLY-2021-040] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-035] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-003] The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a local priviledged user to access UEFI Runtime DXE application and execute arbitrary code.

Read more

[BRLY-2021-042] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-004] SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in multiple HP devices, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more