VYPR

UEFI firmware

by Intel

CVEs (12)

  • CVE-2023-43758HigFeb 12, 2025
    risk 0.53cvss 8.2epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-11577HigOct 14, 2025
    risk 0.49cvss 7.6epss 0.00

    Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected…

  • CVE-2024-28127HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-24582HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21781HigSep 16, 2024
    risk 0.47cvss 7.2epss 0.00

    Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.

  • CVE-2024-39279MedFeb 12, 2025
    risk 0.42cvss 6.5epss 0.00

    Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.

  • CVE-2023-23904MedSep 16, 2024
    risk 0.40cvss 6.1epss 0.00

    NULL pointer dereference in the UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2025-35991MedMay 12, 2026
    risk 0.36cvss epss 0.00

    Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially…

  • CVE-2023-25546LowSep 16, 2024
    risk 0.16cvss 2.5epss 0.00

    Out-of-bounds read in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

  • CVE-2025-20105Mar 10, 2026
    risk 0.00cvss epss 0.00

    Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may…

  • CVE-2025-20005Mar 10, 2026
    risk 0.00cvss epss 0.00

    Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur…

  • CVE-2025-20096Mar 10, 2026
    risk 0.00cvss epss 0.00

    Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via…