Advisories

[BRLY-LOGOFAIL-2023-024] Memory Corruption vulnerability in DXE driver

Binarly REsearch Team has discovered a lack of validation on output buffer leads to OOB Write operations during GIF file processing in AMI firmware.

[BRLY-LOGOFAIL-2023-029] Memory contents leak / information disclosure vulnerability in DXE driver

Binarly REsearch Team has discovered an OOB Read vulnerability in the decode routine during GIF file processing in Phoenix firmware.

[BRLY-LOGOFAIL-2023-028] Memory Corruption vulnerability in DXE driver

Binarly REsearch Team has discovered an OOB Write vulnerability in the decode routine during GIF file processing in Phoenix firmware.

[BRLY-LOGOFAIL-2023-027] Memory Corruption vulnerability in DXE driver

Binarly REsearch Team has discovered an OOB Write vulnerability in the decode routine during BMP file processing in Phoenix firmware.

[BRLY-LOGOFAIL-2023-030] Memory Corruption vulnerability in DXE driver.

Binarly REsearch Team has discovered wrong error handling during JPEG file processing in Phoenix firmware which leads to several vulnerabilities, including an OOB Write in the Huffman table decoding routine.

[BRLY-DVA-2023-025] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-DVA-2023-026] SMM memory corruption vulnerability in combined DXE/SMM driver on Fujitsu device (SMRAM write)

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-DVA-2023-027] SMM arbitrary code execution vulnerability in SMM module on Fujitsu device

Binarly REsearch Team has discovered an SMM arbitrary code execution vulnerability on a Fujitsu device allowing a potential attacker to hijack execution flow of code running in the System Management Mode. Exploitation of this issue could lead to escalation of privileges to SMM.

[BRLY-DVA-2023-028] SMM memory corruption vulnerability in SMM module on Fujitsu device (SMRAM write)

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-LOGOFAIL-2023-026] Memory contents leak / information disclosure vulnerability in DXE driver

Binarly REsearch Team has discovered a memory contents leak / information disclosure vulnerability. Lack of synchronization between ImageSize in BMP Image Header and ImageIndex allows OOB Read.

[BRLY-DVA-2023-029] SMM memory corruption vulnerability in SMM module on Fujitsu device (SMRAM write)

Binarly REsearch Team has discovered a SMM memory corruption vulnerability in a Fujitsu device allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2024-002] OOB Read in Lighttpd 1.4.45 used in Intel M70KLP series firmware

Binarly REsearch Team has discovered a Heap Out-of-bounds Read vulnerability in the web server component of Intel BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.

[BRLY-2024-003] OOB Read in Lighttpd 1.4.35 used in Lenovo BMC firmware

Binarly REsearch Team discovered a Heap Out-of-bounds Read vulnerability in the web server component of Lenovo BMC firmware, allowing a potential attacker to exfiltrate sensitive information from Lighttpd process memory.

[BRLY-2024-004] OOB Read in Lighttpd before 1.4.51

Binarly REsearch Team has discovered a Heap Out-of-bounds Read vulnerability in the `lighttpd` web server, allowing a potential attacker to exfiltrate sensitive information from process memory.

[BRLY-2023-005] Arbitrary calls to SetVariable with unsanitized arguments in SMI handler

Binarly REsearch Team has discovered a SMI handler that passes attacker controlled arguments to SmmSetVariable() without any sort of filtering/sanitization.

[BRLY-2023-004] SMM memory corruption vulnerability in SMM driver (SMRAM write).

Binarly REsearch Team identified an SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

[BRLY-2023-006] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.

BINARLY REsearch team has uncovered multiple critical vulnerabilities in the image parsing libraries used to parse customized boot logos.

[BRLY-2023-018] Multiple vulnerabilities in image parsing functions can be exploited by an attacker with local access.

BINARLY REsearch team has uncovered multiple critical vulnerabilities in the libraries used to parse image data formats and thus logos.

[BRLY-2022-038] Stack buffer overflow vulnerability leads to arbitrary code execution in a DXE driver on Intel platform.

Binarly REsearch Team has discovered a stack overflow vulnerability that allows a local root user to access a UEFI DXE driver and execute arbitrary code.

[BRLY-2022-041] The stack memory contents leak / information disclosure vulnerability in DXE driver.

Binarly REsearch Team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.

[BRLY-2022-039] SMRAM memory contents leak / information disclosure vulnerability in SMM driver (SMRAM read).

Binarly REsearch Team identified an SMM memory contents leak / information disclosure vulnerability, which allows an attacker to read portions of SMRAM memory. This in turn could help building a successful attack vector exploiting SMM memory corruption vulnerability.

[BRLY-2022-040] The stack memory contents leak / information disclosure vulnerability in DXE driver.

Binarly REsearch Team has discovered a stack memory contents leak / information disclosure vulnerability that allows a potencial attacker to write stack memory to NVRAM variable.

[BRLY-2023-009] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ssl_fw_reset webpage using port GET parameter

Binarly REsearch Team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ssl_fw_reset webpage that uses port GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

[BRLY-2023-007] Cross-site scripting vulnerability in Supermicro BMC IPMI firmware in the config_ip_ctrl_change webpage using index GET parameter

Binarly REsearch Team has discovered a DOM-based cross-site scripting (XSS) vulnerability in the config_ip_ctrl_change webpage that uses index GET parameter, included in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to gain access to an account with administrator privileges.

Command injection vulnerability in Supermicro BMC IPMI firmware

Binarly REsearch Team has discovered a command injection vulnerability in the web server component of Supermicro BMC IPMI firmware, allowing a possible attacker to execute arbitrary code.