VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Opsfolio Community
November 8, 2022, 11 months ago
64

Overview Multiple Unified Extensible Firmware Interface (UEFI) implementations are vulnerable to code execution in System Management Mode (SMM) by an attacker who gains administrative privileges on the local machine. An attacker can corrupt the memory using Direct Memory Access (DMA) timing attacks that can lead to code execution. These threats are collectively referred to as RingHopper attacks. Description The UEFI standard provides an open specification that defines a software interface between an operating system (OS) and the device hardware on...

Source: https://kb.cert.org/vuls/id/434994

VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

VU#434994: Multiple race conditions due to TOCTOU flaws in various UEFI Implementations

Subscribe To Our Newsletter!

Popular Posts

What A Cybersecurity Degree Teach You About Protecting Businesses Against Threats

Steps to creating a healthcare app

Cybersecurity Tips For Freelance Healthcare Workers

How to Create a Secure Healthcare Website?

How to keep your child safe from infections when you are not at home?

POPULAR Media

Ransomware Payouts Are On The Rise

Defense Against Socially Engineered Attacks

Address Ransomware With Multiple Layered Security

Hitrust – Streamlining the Compliance Process