admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#7366

Browse Source 
Auto-merge PR#7366
This commit is contained in:
CVE Team 2022-09-20 13:35:42 -04:00 committed by GitHub
commit 910b1013ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 480 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2022/26xxx/CVE-2022-26873.json
View File

@ -1,18 +1,84 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-26873",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-26873",
"STATE": "PUBLIC",
"TITLE": "The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory.\nThis issue affects:\n \nModule name: PlatformInitAdvancedPreMem\nSHA256: 644044fdb8daea30a7820e0f5f88dbf5cd460af72fbf70418e9d2e47efed8d9b\nModule GUID: EEEE611D-F78F-4FB9-B868-55907F169280\nThis issue affects:\nAMI Aptio\n5.x."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-027"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
},
{
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

98
2022/2xxx/CVE-2022-2154.json
View File

@ -1,18 +1,84 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-2154",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-2154",
"STATE": "PUBLIC",
"TITLE": "The arbitrary code execution in AMITSE DXE driver."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker with physical access can exploit this vulnerability to execute arbitrary code during DXE phase. A malicious code installed as a result of vulnerability exploitation in DXE driver could survive across an operating system (OS) boot process and runtime\nThis issue affects:\n \nModule name: AMITSE\nSHA256: 288769fcb374d9280735e259c579e2dc209491f4da43b085d6aabc2d6e6ee57d\nModule GUID: b1da0adf-4f77-4070-a88e-bffe1c60529a\nThis issue affects:\nAMI Aptio\n5.x."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-015"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
},
{
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/40xxx/CVE-2022-40246.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-40246",
"STATE": "PUBLIC",
"TITLE": "Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory.\nThis issue affects:\n \nModule name: SbPei\nSHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9\nModule GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-014"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

98
2022/40xxx/CVE-2022-40250.json
View File

@ -1,18 +1,84 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40250",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-40250",
"STATE": "PUBLIC",
"TITLE": "Stack overflow vulnerability in SMI handler on SmmSmbiosElog."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors).\nThis issue affects:\n \nModule name: SmmSmbiosElog\nSHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59\nModule GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf\nThis issue affects:\nAMI Aptio\n5.x.\nThis issue affects:\nAMI Aptio\n5.x."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-016"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
},
{
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00712.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/40xxx/CVE-2022-40261.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-40261",
"STATE": "PUBLIC",
"TITLE": "SMM memory corruption vulnerability in OverClockSmiHandler SMM driver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors).\n\nThis issue affects:\n \nModule name: OverClockSmiHandler\nSHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c\nModule GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-003"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

94
2022/40xxx/CVE-2022-40262.json
View File

@ -1,18 +1,80 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-40262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2022-08-11T01:03:00.000Z",
"ID": "CVE-2022-40262",
"STATE": "PUBLIC",
"TITLE": "The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aptio",
"version": {
"version_data": [
{
"version_name": "5.x",
"version_value": "5.x"
}
]
}
}
]
},
"vendor_name": "AMI"
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Binarly efiXplorer team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory.\n\nThis issue affects:\n \nModule name: S3Resume2Pei \nSHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc\nModule GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 "
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123 Write-what-where Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.binarly.io/advisories/BRLY-2022-009"
},
{
"refsource": "CONFIRM",
"url": "https://www.ami.com/security-center/"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}