Bypassing Protections and Leaking/Corrupting SMM Memory: Vulnerabilities in AmdPspP2CmboxV2
CVE-2023-52712

7.8HIGH

Key Information:

Vendor: Huawei
Status: Curiem-wfg9b
Vendor: CVE Published:; 28 May 2024

Summary

The vulnerability arises from various issues connected to an exposed SMI handler within the AMD Processor Security Suite. This flaw allows an attacker to bypass the safeguards implemented during previous UEFI phases, leading to unauthorized access to the SPI flash. Additionally, attackers can exploit this vulnerability to leak and compromise SMM memory, potentially resulting in arbitrary code execution within the System Management Mode (SMM). Organizations utilizing affected AMD products are advised to review and mitigate risks associated with this vulnerability.

Affected Version(s)

CurieM-WFG9B OTA-CurieM-B-BIOS-2.28

References

https://www.huawei.com/en/psirt/security-advisories/2024/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Mar 21, 2024