vulnerabilities

Vulnerability Research

Vulnerability Category | Count | Average Impact
PEI Memory Corruption | 3 | CVSS: 8.0 (High)
SMM Memory Corruption | 57 | CVSS: 8.0 (High)
DXE Memory Corruption | 10 | CVSS: 7.7 (High)
Mitigation Failures | 2 | CVSS: 6.0 (Medium)
[BRLY-2022-001]
Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.
November 9, 2022
DXE
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-026]
SMM memory corruption vulnerability in SMM driver (SMRAM write).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-025]
SMM memory leak vulnerability in SMM driver (SMRAM read).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help build a successful attack vector exploiting an SMM memory corruption vulnerability.

[BRLY-2022-024]
SMM memory corruption vulnerability in SMM driver (SMRAM write).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-023]
SMM memory corruption vulnerability in Software SMI handler
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-022]
SMM callout vulnerability in SMM driver (SMM arbitrary code execution).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-018]
SMM memory leak vulnerability in SMM driver (SMRAM read).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help build a successful attack vector exploiting an SMM memory corruption vulnerability.

[BRLY-2022-017]
SMM callout vulnerability in SMM driver (SMM arbitrary code execution).
September 21, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2022-028]
Absent or incomplete application of the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM.
August 15, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team discovered that most enterprise vendors are affected by not correctly applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM (RSM instruction).

[BRLY-2022-027]
The stack buffer overflow vulnerability leads to arbitrary code execution during PEI phase on Intel platform.
August 10, 2022
PEI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase.

[BRLY-2022-016]
Stack overflow vulnerability in SMI handler.
August 10, 2022
SMI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability in an SMI handler on Intel platforms allowing a possible attacker to execute arbitrary code in SMM.

[BRLY-2022-015]
The arbitrary code execution in DXE driver.
August 10, 2022
DXE
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered the possibility of arbitrary code execution in a DXE driver.

[BRLY-2022-014]
Arbitrary write vulnerability in PEI module leads to arbitrary code execution during PEI phase.
August 10, 2022
PEI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an arbitrary write vulnerability in a PEI module allowing a possible attacker to execute arbitrary code during PEI phase.

[BRLY-2022-013]
SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
August 10, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-012]
SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
August 10, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-011]
SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
August 10, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-009]
The arbitrary write vulnerability leads to arbitrary code execution during PEI phase on Intel platform.
August 10, 2022
PEI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an arbitrary write vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase.

[BRLY-2022-003]
SMM memory corruption vulnerability in SMM driver on Intel platforms.
August 10, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-010]
SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write/read).
August 3, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-047]
SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).
August 3, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on an HP device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-046]
SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).
August 3, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on an HP device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-053]
The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform
May 23, 2022
DXE
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2021-051]
SMM memory corruption vulnerability in SMM driver on Intel platforms
May 23, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-050]
SMM memory corruption vulnerability in SMM driver on Intel platforms
May 23, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-014]
SMM memory corruption vulnerability in SMM driver on Fujitsu device (SMRAM write).
May 10, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2022-004]
SMM arbitrary code execution in USBRT SMM driver on Dell devices.
March 21, 2022
Dell
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

[BRLY-2021-045]
SMM callout vulnerability in USBRT SMM driver on Dell devices (SMM arbitrary code execution)
March 21, 2022
Dell
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout on Dell platforms, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-043]
SMM arbitrary code execution in USBRT SMM driver on Dell devices.
March 21, 2022
Dell
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.

[BRLY-2021-042]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-041]
SMM callout vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-040]
SMM callout vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on multiple HP devices allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-039]
The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

[BRLY-2021-038]
The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in the child SW SMI handler on multiple HP devices that allows heap data corruption.

[BRLY-2021-037]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-036]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-035]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-034]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-033]
SMM memory corruption vulnerability in SMM driver on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-032]
The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.
March 08, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.

[BRLY-2021-007]
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.
February 04, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI Runtime DXE application and execute arbitrary code.

[BRLY-2021-006]
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices.
February 04, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2021-005]
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices.
February 04, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2021-004]
SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution).
February 04, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in multiple HP devices, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-003]
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.
February 04, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a local privileged user to access a UEFI Runtime DXE application and execute arbitrary code.

[BRLY-2021-031]
SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-030]
SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-029]
SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-028]
SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-027]
SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-026]
SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-025]
SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-024]
SMM memory corruption vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability on a BullSequana Edge server allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-023]
SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-022]
SMM callout vulnerability in combined DXE/SMM driver on BullSequana Edge server.
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM callout vulnerability on a BullSequana Edge server allowing a possible attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-021]
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on BullSequana Edge server.
February 01, 2022
UEFI
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local privileged user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2021-020]
SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-019]
SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-018]
SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-017]
SMM callout vulnerability in combined DXE/SMM on Fujitsu device (SMM arbitrary code execution).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-016]
SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-015]
SMM memory corruption vulnerability in combined DXE/SMM on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-013]
SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-012]
SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-011]
SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-010]
SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-009]
SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2021-008]
SMM callout vulnerability in SMM driver on Fujitsu device (SMM arbitrary code execution).
February 01, 2022
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in a Fujitsu device, which allows an attacker to access the System Management Mode and execute arbitrary code.

[BRLY-2021-002]
Lenovo system firmware has missing coverage with Boot Guard protected ranges (IBB) for UEFI modules
July 15, 2021
Lenovo
BINARLY efiXplorer team

BINARLY efiXplorer team identified that several Lenovo devices do not properly protect UEFI system firmware modules with Intel Boot Guard technology (missing protection coverage by the Boot Guard IBB hash), which allows an attacker with write access to the SPI flash storage (such as with physical access or leveraging a BIOS write protection bypass vulnerability) to install a persistent backdoor/implant.

[BRLY-2021-001]
SMM callout vulnerability on Lenovo ThinkPad laptops firmware (SMM arbitrary code execution)
July 15, 2021
SMM
BINARLY efiXplorer team

BINARLY efiXplorer team identified an SMM callout in ThinkPad 13 2nd Gen, which allows a local privileged user to access the System Management Mode and execute arbitrary code.
