all InfoSec news
VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
Nov. 8, 2022, 5:02 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing attacks that can lead to code execution. These threats are collectively referred to as RingHopper attacks.
Description
The UEFI standard provides an open specification that defines a software interface between an operating system (OS) and the device hardware on …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
4 weeks, 1 day ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Data Privacy Manager m/f/d)
@ Coloplast | Hamburg, HH, DE
Cybersecurity Sr. Manager
@ Eastman | Kingsport, TN, US, 37660
KDN IAM Associate Consultant
@ KPMG India | Hyderabad, Telangana, India
Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)
@ Bosch Group | Stuttgart, Germany
Senior Security Engineer - SIEM
@ Samsara | Remote - US