Primary

Context

Intel UEFI PdaSmm Module Information Disclosure Vulnerability

Vulnerability

A time-of-check time-of-use race condition has been identified in the UEFI PdaSmm module on certain Intel reference platforms. This vulnerability may allow information disclosure. It requires a privileged user and involves a high complexity attack, potentially leading to unauthorized data exposure. The issue can occur through local access, without special internal knowledge, and requires no user interaction.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure.

Remediation

Users are advised to update to the latest UEFI firmware version provided by their system manufacturer that addresses this vulnerability.

Added: Mar 10, 2026, 11:59 PM

Updated: Mar 10, 2026, 11:59 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.3

exploitability

2.4

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

3.3

exploitability

2.4

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Intel UEFI PdaSmm Module Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Intel Xeon Processor D

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating