7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): HIGH
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with …
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution.
References
Affected products
- ==NaplesPI 1.0.0.K
- ==1.0.0.k
- ==1.0.0.g
- ==1.0.0.2
- ==1.1.0.a
- ==1.0.0.a
- ==1.0.0.7
- ==1.0.0.0
- ==1.0.0.0
- ==1.0.0.8
- ==SnowyOwl PI 1.1.0.A
- ==EmbRomePI-SP3 1.0.0.A
- ==EmbMilanPI-SP3 1.0.0.7
- ==EmbGenoaPI-SP5 1.0.0.0
- ==EmbeddedPI-FP7r2 1.0.0.8
- ==EmbeddedAM5PI 1.0.0.0
- ==RomePI 1.0.0.G
- ==MilanPI 1.0.0.B
- ==GenoaPI 1.0.0.2
- ==ComboAM5 1.0.0.1
- ==ChagallWSPI-sWRX8 1.0.0.7
- ==RembrandtPI-FP7 1.0.0.9b
- ==MendocinoPI-FT6 1.0.0.0
- ==RembrandtPI-FP7 1.0.0.9b
Matching in nixpkgs
pkgs.spoofdpi
Simple and fast anti-censorship tool written in Go
-
nixos-unstable -
- nixpkgs-unstable 0.12.0
pkgs.perlPackages.PPI
Parse, Analyze and Manipulate Perl (without perl)
-
nixos-unstable -
- nixpkgs-unstable 1.277
pkgs.perl538Packages.PPI
Parse, Analyze and Manipulate Perl (without perl)
-
nixos-unstable -
- nixpkgs-unstable 1.277
pkgs.perl540Packages.PPI
Parse, Analyze and Manipulate Perl (without perl)
-
nixos-unstable -
- nixpkgs-unstable 1.277
pkgs.perlPackages.GSSAPI
Perl extension providing access to the GSSAPIv2 library
-
nixos-unstable -
- nixpkgs-unstable 0.28
pkgs.perlPackages.PDFAPI2
Create, modify, and examine PDF files
-
nixos-unstable -
- nixpkgs-unstable API2-2.045
pkgs.haskellPackages.hsPID
PID control loop
-
nixos-unstable -
- nixpkgs-unstable 0.1.2
pkgs.spirv-llvm-translator
Tool and a library for bi-directional translation between SPIR-V and LLVM IR
-
nixos-unstable -
- nixpkgs-unstable 19.1.10
pkgs.perl538Packages.GSSAPI
Perl extension providing access to the GSSAPIv2 library
-
nixos-unstable -
- nixpkgs-unstable 0.28
pkgs.perl540Packages.GSSAPI
Perl extension providing access to the GSSAPIv2 library
-
nixos-unstable -
- nixpkgs-unstable 0.28
pkgs.perlPackages.PPIxUtils
Utility functions for PPI
-
nixos-unstable -
- nixpkgs-unstable 0.003
pkgs.perl538Packages.PDFAPI2
Create, modify, and examine PDF files
-
nixos-unstable -
- nixpkgs-unstable API2-2.045
pkgs.perl540Packages.PDFAPI2
Create, modify, and examine PDF files
-
nixos-unstable -
- nixpkgs-unstable API2-2.045
pkgs.perlPackages.PPIxRegexp
Parse regular expressions
-
nixos-unstable -
- nixpkgs-unstable 0.088
pkgs.perlPackages.ProcPIDFile
Manage process id files
-
nixos-unstable -
- nixpkgs-unstable 1.29
pkgs.haskellPackages.EdisonAPI
A library of efficient, purely-functional data structures (API)
-
nixos-unstable -
- nixpkgs-unstable 1.3.3.2
pkgs.perl538Packages.PPIxUtils
Utility functions for PPI
-
nixos-unstable -
- nixpkgs-unstable 0.003
pkgs.perl540Packages.PPIxUtils
Utility functions for PPI
-
nixos-unstable -
- nixpkgs-unstable 0.003
pkgs.perlPackages.WWWTwilioAPI
Accessing Twilio's REST API with Perl
-
nixos-unstable -
- nixpkgs-unstable 0.21
pkgs.perl538Packages.PPIxRegexp
Parse regular expressions
-
nixos-unstable -
- nixpkgs-unstable 0.088
pkgs.perl540Packages.PPIxRegexp
Parse regular expressions
-
nixos-unstable -
- nixpkgs-unstable 0.088
pkgs.perlPackages.OpenAPIClient
Client for talking to an Open API powered server
-
nixos-unstable -
- nixpkgs-unstable 1.07
pkgs.perlPackages.PPIxQuoteLike
Parse Perl string literals and string-literal-like things
-
nixos-unstable -
- nixpkgs-unstable 0.023
pkgs.perlPackages.PPIxUtilities
Extensions to PPI|PPI
-
nixos-unstable -
- nixpkgs-unstable 1.001000
pkgs.perl538Packages.ProcPIDFile
Manage process id files
-
nixos-unstable -
- nixpkgs-unstable 1.29
pkgs.perl540Packages.ProcPIDFile
Manage process id files
-
nixos-unstable -
- nixpkgs-unstable 1.29
pkgs.perl538Packages.WWWTwilioAPI
Accessing Twilio's REST API with Perl
-
nixos-unstable -
- nixpkgs-unstable 0.21
pkgs.perl540Packages.WWWTwilioAPI
Accessing Twilio's REST API with Perl
-
nixos-unstable -
- nixpkgs-unstable 0.21
pkgs.perl538Packages.OpenAPIClient
Client for talking to an Open API powered server
-
nixos-unstable -
- nixpkgs-unstable 1.07
pkgs.perl538Packages.PPIxQuoteLike
Parse Perl string literals and string-literal-like things
-
nixos-unstable -
- nixpkgs-unstable 0.023
pkgs.perl538Packages.PPIxUtilities
Extensions to PPI|PPI
-
nixos-unstable -
- nixpkgs-unstable 1.001000
pkgs.perl540Packages.OpenAPIClient
Client for talking to an Open API powered server
-
nixos-unstable -
- nixpkgs-unstable 1.07
pkgs.perl540Packages.PPIxQuoteLike
Parse Perl string literals and string-literal-like things
-
nixos-unstable -
- nixpkgs-unstable 0.023
pkgs.perl540Packages.PPIxUtilities
Extensions to PPI|PPI
-
nixos-unstable -
- nixpkgs-unstable 1.001000
pkgs.perlPackages.MojoliciousPluginOpenAPI
OpenAPI / Swagger plugin for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 5.09
pkgs.perl538Packages.MojoliciousPluginOpenAPI
OpenAPI / Swagger plugin for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 5.09
pkgs.perl540Packages.MojoliciousPluginOpenAPI
OpenAPI / Swagger plugin for Mojolicious
-
nixos-unstable -
- nixpkgs-unstable 5.09
Package maintainers
-
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
-
@despsyched Priyanshu Tripathi <priyanshu.tripathi@deshaw.com>
-
@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
-
@stigtsp Stig Palmquist <stig@stig.io>
-
@gloaming Craig Hall <ch9871@gmail.com>