all InfoSec news
VU#796611: InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
Feb. 1, 2022, 7:04 p.m. |
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware contains multiple vulnerabilities related to memory management in System Management Mode (SMM).
Description
UEFI software provides an extensible interface between an operating system and platform firmware. UEFI software uses a highly privileged processor execution mode called System Management Mode (SMM) for handling system-wide functions like power management, system hardware control, or proprietary OEM-designed code. SMM's privileges, also referred to as "Ring -2," exceed the privileges of the operating system's kernel ("Ring-0"). For …
More from kb.cert.org / CERT Recently Published Vulnerability Notes
VU#446598: GPU kernel implementations susceptible to memory leak
2 months, 1 week ago |
kb.cert.org
VU#132380: Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
2 months, 1 week ago |
kb.cert.org
VU#811862: Image files in UEFI can be abused to modify boot behavior
3 months, 3 weeks ago |
kb.cert.org
Jobs in InfoSec / Cybersecurity
Information Technology Specialist II: Network Architect
@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
DevSecOps Engineer
@ SIXGEN | Remote
Senior DevSecOps Engineer
@ nou Systems, Inc. | Huntsville AL, Huntsville, AL, US
Security Engineer (f/m/d)
@ Enpal B.V. | Berlin, Germany