According to ITNews , Quarkslab warned that these security vulnerabilities can be exploited by unauthenticated remote attackers on the same local network, and in some cases, even remotely. The researchers said the impacts of these vulnerabilities include DDoS, information leakage, remote code execution, DNS cache poisoning, and network session hijacking.
UEFI is the most commonly used BIOS system.
The CERT Cybersecurity Coordination Center at Carnegie Mellon University (USA) said that this error was identified in the implementation process from UEFI vendors, including American Megatrends, Insyde Software, Intel and Phoenix Technologies, while Toshiba was not affected.
Insyde Software, AMI, and Phoenix Technologies have all confirmed to Quarkslab that they are providing fixes. Meanwhile, the bug is still being investigated by 18 other vendors, including big names like Google, HP, Microsoft, ARM, ASUSTek, Cisco, Dell, Lenovo, and VAIO.
The bugs reside in EDK II's TCP/IP stack, NetworkPkg, which is used for network booting and is especially important in data centers and HPC environments for automating early boot phases. The three most severe bugs, all with CVSS scores of 8.3, are related to DCHPv6 handle buffer overflows, including CVE-2023-45230, CVE-2023-45234, and CVE-2023-45235. The other bugs have CVSS scores ranging from 5.3 to 7.5.
Source link
![[Video] The craft of making Dong Ho folk paintings has been inscribed by UNESCO on the List of Crafts in Need of Urgent Safeguarding.](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/12/10/1765350246533_tranh-dong-ho-734-jpg.webp)
Comment (0)