Bypassing Protections and Leaking/Corrupting SMM Memory: Vulnerabilities in AmdPspP2CmboxV2
CVE-2023-52711

7.8HIGH

Key Information:

Vendor: Huawei
Status: Curiem-wfg9b
Vendor: CVE Published:; 28 May 2024

Summary

The issue centers around exposed System Management Interrupt (SMI) handlers in the AmdPspP2CmboxV2, which can allow adversaries to bypass existing protections established during previous UEFI phases. Additionally, the vulnerability enables the potential leaking and corruption of SMM memory. This situation raises concerns over the integrity and security of the system, as it could lead to unauthorized code execution within the System Management Mode, thereby compromising the overall security framework.

Affected Version(s)

CurieM-WFG9B CurieM-WFG9B BIOS 2.28

References

https://www.huawei.com/en/psirt/security-advisories/2024/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Mar 21, 2024