Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

io_uring __io_uaddr_map() Dangerous Multi-Page Handling

__io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region.

Packet Storm
Open in Source
#ios#google#linux#debian#perl#bios
CVE-2023-49713: [Update notice] HMI GC-A2 series|JTEKT ELECTRONICS CORPORATION

Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends a specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur.

CVE-2023-50430: A Touch of Pwn - Part I

The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.

CVE-2023-32460: DSA-2023-361: Security Update for Dell PowerEdge Server BIOS for an Improper Privilege Management Security Vulnerability

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation.

CVE-2023-39539

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. 

CVE-2023-44298: DSA-2023-429: Security Update for Dell 16G PowerEdge Server BIOS for a Debug Code Security Vulnerability

Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, version 1.4.4, contain active debug code security vulnerability. An unauthenticated physical attacker could potentially exploit this vulnerability, leading to information tampering, code execution, denial of service.

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks

The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image parsing libraries embedded into the firmware. The shortcomings, collectively labeled LogoFAIL by Binarly, "can be used by threat actors to deliver a malicious payload and bypass Secure Boot, Intel

Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs

Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover.

CVE-2023-29060: BD FACSChorus Vulnerabilities - Software and Workstation

The FACSChorusâ„¢ workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.

CVE-2023-32469: DSA-2023-223: Security Update for a Dell Precision Tower BIOS Vulnerability

Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution.