SMM
by Lenovo
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-4857 | | Hig | 0.49 | 7.5 | 0.00 | | Apr 15, 2024 | An authentication bypass vulnerability was identified in SMM/SMM2 and FPC that could allow an authenticated user to execute certain IPMI calls that could lead to exposure of limited system information. |
| CVE-2023-2993 | | | 0.00 | — | 0.00 | | Jun 26, 2023 | A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. |
| CVE-2021-26317 | | | 0.00 | — | 0.00 | | May 12, 2022 | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. |
| CVE-2021-26353 | | | 0.00 | — | 0.00 | | May 10, 2022 | Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity. |