VYPR
High severity7.5NVD Advisory· Published Nov 27, 2018· Updated Jun 17, 2026

CVE-2018-16089

CVE-2018-16089

Description

In System Management Module (SMM) versions prior to 1.06, a field in the header of SMM firmware update images is insufficiently sanitized, allowing post-authentication command injection on the SMM as the root user.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.