UEFI firmware
by Intel
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43758 | Hig | 0.53 | 8.2 | 0.00 | Feb 12, 2025 | Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-11577 | Hig | 0.49 | 7.6 | 0.00 | Oct 14, 2025 | Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected… | ||
| CVE-2024-28127 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2025 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-24582 | Hig | 0.49 | 7.5 | 0.00 | Feb 12, 2025 | Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2024-21781 | Hig | 0.47 | 7.2 | 0.00 | Sep 16, 2024 | Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access. | ||
| CVE-2024-39279 | Med | 0.42 | 6.5 | 0.00 | Feb 12, 2025 | Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access. | ||
| CVE-2023-23904 | Med | 0.40 | 6.1 | 0.00 | Sep 16, 2024 | NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||
| CVE-2025-35991 | Med | 0.36 | — | 0.00 | May 12, 2026 | Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially… | ||
| CVE-2023-25546 | Low | 0.16 | 2.5 | 0.00 | Sep 16, 2024 | Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | ||
| CVE-2025-20105 | 0.00 | — | 0.00 | Mar 10, 2026 | Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may… | |||
| CVE-2025-20005 | 0.00 | — | 0.00 | Mar 10, 2026 | Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur… | |||
| CVE-2025-20096 | 0.00 | — | 0.00 | Mar 10, 2026 | Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via… |
- risk 0.53cvss 8.2epss 0.00
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.6epss 0.00
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected…
- risk 0.49cvss 7.5epss 0.00
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.49cvss 7.5epss 0.00
Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.
- risk 0.47cvss 7.2epss 0.00
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.
- risk 0.42cvss 6.5epss 0.00
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.
- risk 0.40cvss 6.1epss 0.00
NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
- risk 0.36cvss —epss 0.00
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially…
- risk 0.16cvss 2.5epss 0.00
Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.
- CVE-2025-20105Mar 10, 2026risk 0.00cvss —epss 0.00
Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may…
- CVE-2025-20005Mar 10, 2026risk 0.00cvss —epss 0.00
Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur…
- CVE-2025-20096Mar 10, 2026risk 0.00cvss —epss 0.00
Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via…