Buffer Overrun Vulnerability in Huawei Matebook D16 Could Lead to Code Execution
CVE-2023-52710
7.8 HIGH
What is CVE-2023-52710?
A buffer overflow vulnerability has been identified in the Huawei Matebook D16, specifically affecting the model CREM-WXX9 running BIOS version v2.26. The vulnerability arises from improper validation of communication buffer sizes, which can lead to the buffer overlapping the start of System Management RAM (SMRAM). An attacker could use this overlap to manipulate the data structures stored in SMRAM, potentially leading to unauthorized code execution in System Management Mode (SMM). Affected users are advised to apply mitigations and updates.
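The class of check at issue, as an added example that is not Huawei's firmware code and not part of the original advisory: a validation that tests only the buffer's start address, beside one that validates the whole range against SMRAM. The SMRAM range, the function names and the form of the weak check are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM range; real firmware obtains it from the platform. */
typedef struct { uint64_t base; uint64_t size; } smram_range_t;
static const smram_range_t SAMPLE_SMRAM = { 0x7F000000ULL, 0x00800000ULL };

/* Weak form (assumed for illustration): only the start address is tested,
 * so a buffer that begins just below SMRAM can extend past its start. */
bool comm_buffer_ok_weak(const smram_range_t *s, uint64_t addr, uint64_t size)
{
    (void)size; /* the size is never validated */
    return addr < s->base || addr >= s->base + s->size;
}

/* Hardened form: the whole range [addr, addr + size) must lie outside
 * SMRAM, and addr + size must not wrap around the address space. */
bool comm_buffer_ok(const smram_range_t *s, uint64_t addr, uint64_t size)
{
    if (size == 0 || addr > UINT64_MAX - size)
        return false;
    uint64_t end = addr + size;             /* exclusive end of buffer */
    uint64_t smram_end = s->base + s->size; /* exclusive end of SMRAM */
    return end <= s->base || addr >= smram_end;
}

int main(void)
{
    /* Constructed case: buffer starts 0x1000 below SMRAM, claims 0x2000 bytes. */
    uint64_t addr = 0x7EFFF000ULL, size = 0x2000;
    printf("weak check accepts:     %d\n", comm_buffer_ok_weak(&SAMPLE_SMRAM, addr, size));
    printf("hardened check accepts: %d\n", comm_buffer_ok(&SAMPLE_SMRAM, addr, size));
    return 0;
}
```

An SMI handler should also copy the size field into SMRAM before validating it, so the value checked is the value used.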
Affected Version(s)
CurieM-WFG9B OTA-CurieM-BIOS-2.29