Binarly Advisories

REsearch

Binarly Advisories

[BRLY-2022-070] OOB write vulnerability in SMI handler leads to arbitrary code execution in SMM.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a OOB write vulnerability that allows a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-023] SMM memory corruption vulnerability in Software SMI handler

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-017] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2022-018] SMM memory leak vulnerability in SMM driver (SMRAM read).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.

Read more

[BRLY-2022-022] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2022-024] SMM memory corruption vulnerability in SMM driver (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-025] SMM memory leak vulnerability in SMM driver (SMRAM read).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.

Read more

[BRLY-2022-026] SMM memory corruption vulnerability in SMM driver (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-028] Absence or incomplete applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM.

BINARLY efiXplorer team

BINARLY efiXplorer team discovered that most enterprise vendors are affected by not correctly applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM (RSM instruction).

Read more

[BRLY-2022-013] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-003] SMM memory corruption vulnerability in SMM driver on Intel platforms.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-012] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-011] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2022-016] Stack overflow vulnerability in SMI handler.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered stack overflow vulnerability in SMI handler on Intel platforms allowing a possible attacker to execute arbitrary code in SMM.

Read more

[BRLY-2021-047] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified SMM callout on HP device, which allows a attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2022-010] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-050] SMM memory corruption vulnerability in SMM driver on Intel platforms

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-051] SMM memory corruption vulnerability in SMM driver on Intel platforms

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-014] SMM memory corruption vulnerability in SMM driver on Fujitsu device (SMRAM write).

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-045] SMM callout vulnerability in USBRT SMM driver on Dell devices (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified SMM callout on Dell platforms, which allows a attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-043] SMM arbitrary code execution in USBRT SMM driver on Dell devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

Read more

[BRLY-2021-046] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified SMM callout on HP device, which allows a attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2022-004] SMM arbitrary code execution in USBRT SMM driver on Dell devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

Read more

[BRLY-2021-042] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-032] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

Read more

[BRLY-2021-033] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-041] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-037] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-038] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in the child SW SMI handler on multiple HP devices that allows heap data corruption.

Read more

[BRLY-2021-039] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices that allow corrupt heap metadata.

Read more

[BRLY-2021-040] SMM callout vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-036] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-034] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-035] SMM memory corruption vulnerability in SMM driver on multiple HP devices.

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-017] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-010] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-009] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-012] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-004] SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in multiple HP devices, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-011] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-013] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-030] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-015] SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-016] SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write)

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-029] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-028] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-027] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-026] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-025] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-024] SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-023] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-022] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-020] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-019] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-018] SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-008] SMM callout vulnerability in SMM driver on Fujitsu device (SMM arbitrary code execution).

BINARLY efiXplorer team

BINARLY efiXplorer team identified a SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

Read more

[BRLY-2021-031] SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server

BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Read more

[BRLY-2021-001] SMM callout vulnerability on Lenovo ThinkPad laptops firmware (SMM arbitrary code execution)

BINARLY efiXplorer team

BINARLY efiXplorer team identified SMM callout in ThinkPad 13 2nd Gen, which allows a local privileged user to access the System Management Mode and execute arbitrary code.

Read more