Header bannerHeader banner

Advisories

The Unseen Threats: The latest advisories published by Binarly

Search public research surrounding SCRM and vulnerability research; responsibly disclosed and unearthed in our Lab using the Binarly Transparency Platform.
BMC
DXE
Dell
Firmware
Fujitsu
HP
IPMI
Intel
Lenovo
PEI
SMI
SMM
SMRAM
Supermicro
UEFI
Vulnerability
supply chain
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
↩ Clear Search
April 11, 2024
[BRLY-2024-002] OOB Read in Lighttpd 1.4.45 used in Intel M70KLP series firmware
BINARLY team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Intel BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.
Arrow indicating Link
April 11, 2024
[BRLY-2024-003] OOB Read in Lighttpd 1.4.35 used in Lenovo BMC firmware
BINARLY research team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Lenovo BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.
Arrow indicating Link
April 11, 2024
[BRLY-2024-004] OOB Read in Lighttpd before 1.4.51
BINARLY research team has discovered a Heap Out-of-bounds Read vulnerability in the `lighttpd` web server, allowing a potential attacker to exfiltrate sensitive information from process memory.
Arrow indicating Link
March 7, 2024
[BRLY-2023-005] Arbitrary calls to SetVariable with unsanitized arguments in SMI handler
BINARLY efiXplorer team has discovered a SMI handler that passes attacker controlled arguments to SmmSetVariable() without any sort of filtering/sanitization.
Arrow indicating Link
March 7, 2024
[BRLY-2023-004] SMM memory corruption vulnerability in SMM driver (SMRAM write).
BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
March 7, 2024
[BRLY-2023-002] Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Arrow indicating Link
January 23, 2024
[BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.
BINARLY REsearch team has uncovered multiple critical vulnerabilities in the image parsing libraries used to parse customized boot logos.
Arrow indicating Link
January 23, 2024
[BRLY-2023-018] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.
BINARLY REsearch team has uncovered multiple critical vulnerabilities in the libraries used to parse image data formats and thus logos.
Arrow indicating Link
November 16, 2023
[BRLY-2022-038] Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
November 16, 2023
[BRLY-2022-041] The stack memory contents leak / information disclosure vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
November 16, 2023
[BRLY-2022-039] SMRAM memory contents leak / information disclosure vulnerability in SMM driver (SMRAM read).
BINARLY efiXplorer team identified an SMM memory contents leak / information disclosure vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.
Arrow indicating Link
November 16, 2023
[BRLY-2022-040] The stack memory contents leak / information disclosure vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
October 3, 2023
[BRLY-2023-009] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ssl_fw_reset webpage using port GET parameter
BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ssl_fw_reset webpage that uses port GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.
Arrow indicating Link
October 3, 2023
[BRLY-2023-007] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ip_ctrl_change webpage using index GET parameter
BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ip_ctrl_change webpage that uses index GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.
Arrow indicating Link
October 3, 2023
[BRLY-2023-001] Command injection vulnerability in Supermicro BMC IPMI firmware
BINARLY team has discovered a command injection vulnerability in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to execute arbitrary code.
Arrow indicating Link
October 3, 2023
[BRLY-2023-008] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the modify_nm_policy webpage using pdomain GET parameter
BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the modify_nm_policy webpage that uses pdomain GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.
Arrow indicating Link
October 3, 2023
[BRLY-2023-012] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages using lang local storage item
BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in the man_ikvm_html5_bootstrap and man_ikvm_html5_bootstrap_vm webpages that uses lang local storage item, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.
Arrow indicating Link
October 3, 2023
[BRLY-2023-010] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the servh_storage_create and servh_storage_add webpages using the hash property of the URL
BINARLY team has discovered a DOM-based cross-site scripting (XSS) vulnerability in servh_storage_create and servh_storage_add webpages that uses hash property of the URL, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges. This attack works on IE11 and Microsoft Edge in Internet Explorer mode.
Arrow indicating Link
October 3, 2023
[BRLY-2023-011] Stored cross-site scripting vulnerability in Supermicro BMC IPMI firmware in multiple webpages using language cookie value
BINARLY team has discovered a stored DOM-based cross-site scripting (XSS) vulnerability in multiple webpages that uses language cookie value, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.
Arrow indicating Link
September 21, 2023
[BRLY-2022-118] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
September 21, 2023
[BRLY-2022-126] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
September 21, 2023
[BRLY-2022-174] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
September 21, 2023
[BRLY-2022-173] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
September 1, 2023
[BRLY-2023-021] The Denial Of Service (DoS) vulnerability during PEI phase in EDK2 codebase
The BINARLY efiXplorer team has identified a PEI-phase Denial of Service (DoS) vulnerability in the EDK2 codebase, which can be exploited by an attacker capable of modifying physical memory.
Arrow indicating Link
June 22, 2023
[BRLY-2022-100] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-054] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
June 22, 2023
[BRLY-2022-087] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-070] OOB write vulnerability in SMI handler leads to arbitrary code execution in SMM.
BINARLY efiXplorer team has discovered a OOB write vulnerability that allows a possible attacker to hijack execution flow of a code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
June 22, 2023
[BRLY-2022-055] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
June 22, 2023
[BRLY-2022-065] Stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on multiple Dell platforms.
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a potential attacker to access UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
June 22, 2023
[BRLY-2022-125] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-121] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-127] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-119] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-122] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-123] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-124] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-101] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-099] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-150] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-156] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-144] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-147] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-129] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-148] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-145] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-155] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-146] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-131] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-165] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-158] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-159] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-160] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
June 22, 2023
[BRLY-2022-169] Memory contents leak / information disclosure vulnerability in DXE driver on Dell platform.
BINARLY efiXplorer team has discovered a memory contents leak / information disclosure vulnerability that allows a potential attacker to dump stack memory or global memory into an NVRAM variable. This in turn could help building a successful attack vector based on exploiting a memory corruption vulnerability.
Arrow indicating Link
April 3, 2023
[BRLY-2022-042] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.
The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.
Arrow indicating Link
April 3, 2023
[BRLY-2022-043] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.
The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.
Arrow indicating Link
April 3, 2023
[BRLY-2022-044] SMM callout vulnerability in SMM driver on AMD-based Gigabyte devices.
The BINARLY efiXplorer team has discovered an SMM callout vulnerability on a Gigabyte device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.
Arrow indicating Link
March 23, 2023
[BRLY-2022-020] The stack buffer overflow vulnerability leads to arbitrary code execution.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a attacker to execute arbitrary code.
Arrow indicating Link
March 23, 2023
[BRLY-2022-019] The stack buffer overflow vulnerability leads to arbitrary code execution.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a attacker to execute arbitrary code.
Arrow indicating Link
March 21, 2023
[BRLY-2022-021] The stack buffer overflow vulnerability leads to arbitrary code execution.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows a attacker to execute arbitrary code.
Arrow indicating Link
January 9, 2023
[BRLY-2022-029] The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Arrow indicating Link
January 9, 2023
[BRLY-2022-031] The stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
January 9, 2023
[BRLY-2022-034] Stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable.
Arrow indicating Link
January 9, 2023
[BRLY-2022-033] Stack buffer overflow vulnerability leading to arbitrary code execution during DXE phase.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Arrow indicating Link
January 9, 2023
[BRLY-2022-037] The stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
January 9, 2023
[BRLY-2022-030] The stack buffer overflow vulnerability leads to arbitrary code execution during DXE phase.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Arrow indicating Link
January 9, 2023
[BRLY-2022-036] The stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
January 9, 2023
[BRLY-2022-032] The stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.
Arrow indicating Link
January 9, 2023
[BRLY-2022-035] Stack memory leak vulnerability in DXE driver.
BINARLY efiXplorer team has discovered a stack memory leak vulnerability that allows a potential attacker to write stack memory to NVRAM variable.
Arrow indicating Link
November 9, 2022
[BRLY-2022-001] Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
September 21, 2022
[BRLY-2022-017] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).
BINARLY efiXplorer team identified an SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.
Arrow indicating Link
September 21, 2022
[BRLY-2022-018] SMM memory leak vulnerability in SMM driver (SMRAM read).
BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.
Arrow indicating Link
September 21, 2022
[BRLY-2022-024] SMM memory corruption vulnerability in SMM driver (SMRAM write).
BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
September 21, 2022
[BRLY-2022-026] SMM memory corruption vulnerability in SMM driver (SMRAM write).
BINARLY efiXplorer team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
September 21, 2022
[BRLY-2022-025] SMM memory leak vulnerability in SMM driver (SMRAM read).
BINARLY efiXplorer team identified an SMM memory leak vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.
Arrow indicating Link
September 21, 2022
[BRLY-2022-023] SMM memory corruption vulnerability in Software SMI handler
BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
September 21, 2022
[BRLY-2022-022] SMM callout vulnerability in SMM driver (SMM arbitrary code execution).
BINARLY efiXplorer team identified a SMM callout, which allows an attacker to access the System Management Mode and execute arbitrary code.
Arrow indicating Link
August 15, 2022
[BRLY-2022-028] Absence or incomplete applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM.
BINARLY efiXplorer team discovered that most enterprise vendors are affected by not correctly applying the Return Stack Buffer (RSB) stuffing mitigation logic before resuming from SMM (RSM instruction).
Arrow indicating Link
August 10, 2022
[BRLY-2022-003] SMM memory corruption vulnerability in SMM driver on Intel platforms.
BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
August 10, 2022
[BRLY-2022-009] The arbitrary write vulnerability leads to arbitrary code execution during PEI phase on Intel platform.
BINARLY efiXplorer team has discovered a arbitrary write vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase.
Arrow indicating Link
August 10, 2022
[BRLY-2022-015] The arbitrary code execution in DXE driver.
BINARLY efiXplorer team has discovered the ability of arbitrary code execution in DXE driver.
Arrow indicating Link
August 10, 2022
[BRLY-2022-012] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
August 10, 2022
[BRLY-2022-016] Stack overflow vulnerability in SMI handler.
BINARLY efiXplorer team has discovered stack overflow vulnerability in SMI handler on Intel platforms allowing a possible attacker to execute arbitrary code in SMM.
Arrow indicating Link
August 10, 2022
[BRLY-2022-013] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
August 10, 2022
[BRLY-2022-011] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write).
BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
August 10, 2022
[BRLY-2022-014] Arbitrary write vulnerability in PEI module leads to arbitrary code execution during PEI phase.
BINARLY efiXplorer team has discovered a arbitrary write vulnerability in PEI module allowing a possible attacker to execute arbitrary code during PEI phase.
Arrow indicating Link
August 10, 2022
[BRLY-2022-027] The stack buffer overflow vulnerability leads to arbitrary code execution during PEI phase on Intel platform.
BINARLY efiXplorer team has discovered a stack buffer overflow vulnerability on Intel platforms allowing a possible attacker to execute arbitrary code during PEI phase.
Arrow indicating Link
August 3, 2022
[BRLY-2021-047] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).
BINARLY efiXplorer team identified SMM callout on HP device, which allows a attacker to access the System Management Mode and execute arbitrary code.
Arrow indicating Link
August 3, 2022
[BRLY-2022-010] SMM memory corruption vulnerability in SMM driver on HP device (SMRAM write
BINARLY efiXplorer team has discovered an SMM memory corruption vulnerability in an HP device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
May 23, 2022
[BRLY-2021-051] SMM memory corruption vulnerability in SMM driver on Intel platforms
BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
May 23, 2022
[BRLY-2021-050] SMM memory corruption vulnerability in SMM driver on Intel platforms
BINARLY efiXplorer team has discovered SMM memory corruption vulnerability on Intel platforms allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
May 23, 2022
[BRLY-2021-053] The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform
BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code.
Arrow indicating Link
May 10, 2022
[BRLY-2021-014] SMM memory corruption vulnerability in SMM driver on Fujitsu device (SMRAM write).
BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability in Fujitsu devices allowing a possible attacker to write data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
March 21, 2022
[BRLY-2021-043] SMM arbitrary code execution in USBRT SMM driver on Dell devices.
BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.
Arrow indicating Link
March 21, 2022
[BRLY-2021-045] SMM callout vulnerability in USBRT SMM driver on Dell devices (SMM arbitrary code execution)
BINARLY efiXplorer team identified SMM callout on Dell platforms, which allows a attacker to access the System Management Mode and execute arbitrary code.
Arrow indicating Link
March 21, 2022
[BRLY-2021-046] SMM callout vulnerability in SMM driver on HP device (SMM arbitrary code execution).
BINARLY efiXplorer team identified SMM callout on HP device, which allows a attacker to access the System Management Mode and execute arbitrary code.
Arrow indicating Link
March 21, 2022
[BRLY-2022-004] SMM arbitrary code execution in USBRT SMM driver on Dell devices.
BINARLY efiXplorer team has discovered SMM arbitrary code execution on Dell devices.
Arrow indicating Link
March 8, 2022
[BRLY-2021-033] SMM memory corruption vulnerability in SMM driver on multiple HP devices.
BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
March 8, 2022
[BRLY-2021-032] The heap buffer overflow vulnerability in child SW SMI handler on multiple HP devices.
BINARLY efiXplorer team has discovered a heap buffer overflow vulnerability in a child SW SMI handler on multiple HP devices that allows corruption of heap metadata.
Arrow indicating Link
March 8, 2022
[BRLY-2021-034] SMM memory corruption vulnerability in SMM driver on multiple HP devices.
BINARLY efiXplorer team has discovered a SMM memory corruption vulnerability on multiple HP devices allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Arrow indicating Link
Vulnerability Category
Count
CVSS Score
CWE
SMM Memory Corruption
43
7.9 High
CWE-121CWE-787
PEI Memory Corruption
3
7.9 High
CWE-123CWE-121
SMM Arbitary Code Execution
26
7.8 High
CWE-20CWE-829CWE-119
DXE Memory Corruption
41
7.7 High
CWE-121
DXE Arbitrary Code Execution
1
7.7 High
CWE-20
SMM Memory Content Disclosure
4
6.0 Medium
CWE-119CWE-125
Mitigation Failures
2
6.0 Medium
CWE-693
DXE Memory Content Dislosure
112
5.2 Medium
CWE-125

Keep up to date with the latest advisories

The Binarly research team leads the industry in uncovering new critical vulnerabilities.
Follow us on Linkedin
Arrow indicating link
April 1, 2024, Binarly Research Team

XZ Utils Supply Chain Puzzle: Binarly Ships Free Scanner for CVE-2024-3094 Backdoor

On March 29, right before Easter weekend, we received notifications about something unusual happening with the open-source project XZ Utils, which provides lossless data compression on virtually all Unix-like operating systems, including Linux.