Eason

**Name of the Vulnerable Software and Affected Versions** UEFI firmware CseVariableStorageSmm for some Intel(R) Processors (affected versions not specified) **Description** The issue is related to improper input validation in the UEFI firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. This could lead to security breaches, but specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to improper buffer restrictions in the UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) processors (affected versions not specified) **Description** The issue is related to improper input validation in UEFI firmware for some Intel(R) processors. This may allow a privileged user to potentially enable escalation of privilege via local access. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to improper input validation in UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue concerns improper initialization in the UEFI firmware OutOfBandXML module, which may allow a privileged user to potentially enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to improper input validation in UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue concerns improper input validation in the UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable information disclosure via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) processors (affected versions not specified) **Description** The issue is related to improper input validation in the XmlCli feature for UEFI firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Intel CIP software versions prior to 2.4.10852 Description: The issue is related to improper input validation in Intel CIP software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could potentially be exploited by an attacker to gain elevated privileges. Recommendations: For versions prior to 2.4.10852, update to version 2.4.10852 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions Description: The issue is related to improper input validation in the BIOS and firmware update software, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by an attacker to elevate their privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Intel(R) Server Board S2600BP Family (affected versions not specified) Description: The issue is related to improper input validation in UEFI firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by an attacker to gain higher privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Server Board S2600ST Family versions prior to 02.01.0017 **Description** The issue exists due to improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware. This may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** For versions prior to 02.01.0017, update the firmware to version 02.01.0017 or later to resolve the issue. As a temporary workaround, consider restricting local access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPH-T versions prior to BIOS firmware 4.4 Supermicro X11DPH-Tq versions prior to BIOS firmware 4.4 Supermicro X11DPH-i versions prior to BIOS firmware 4.4 **Description** A vulnerability was discovered in the SMM callout component of Supermicro BMC controller firmware, related to a buffer overflow in memory. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Supermicro X11DPH-T with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later. For Supermicro X11DPH-Tq with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later. For Supermicro X11DPH-i with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4 **Description** The issue is related to an arbitrary memory write vulnerability in the BIOS firmware of certain Supermicro motherboards. This vulnerability can be exploited to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4, update the BIOS firmware to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Supermicro X11DPG-HGX2 versions prior to BIOS firmware 4.4 Supermicro X11PDG-QT versions prior to BIOS firmware 4.4 Supermicro X11PDG-OT versions prior to BIOS firmware 4.4 Supermicro X11PDG-SN versions prior to BIOS firmware 4.4 **Description** An arbitrary memory write vulnerability was discovered, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The issue is related to a buffer overflow in the BMC controller's firmware. **Recommendations** For Supermicro X11DPG-HGX2, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-QT, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-OT, update the BIOS firmware to version 4.4 or later. For Supermicro X11PDG-SN, update the BIOS firmware to version 4.4 or later.

**Name of the Vulnerable Software and Affected Versions** Dell Client Platform BIOS (affected versions not specified) **Description** The issue is related to an Improper Input Validation vulnerability in an externally developed component of the Dell Client Platform BIOS. A high-privileged attacker with local access could potentially exploit this, leading to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Client Platform BIOS (affected versions not specified) **Description** The issue is related to an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell Client Platform BIOS (affected versions not specified) **Description** The issue is related to an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell BIOS (affected versions not specified) **Description** The issue is related to an Out-of-Bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this, leading to denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel NUC (affected versions not specified) **Description** The issue is related to improper buffer restrictions in some Intel NUC BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. This can be exploited by a user with local access to potentially gain higher privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.