Bypassing Protections and Leaking/Corrupting SMM Memory: Vulnerabilities in AmdPspP2CmboxV2
CVE-2023-52712

7.8HIGH

Key Information:

Vendor: Huawei
Status: Curiem-wfg9b
Vendor: CVE Published:; 28 May 2024

What is CVE-2023-52712?

The vulnerability arises from various issues connected to an exposed SMI handler within the AMD Processor Security Suite. This flaw allows an attacker to bypass the safeguards implemented during previous UEFI phases, leading to unauthorized access to the SPI flash. Additionally, attackers can exploit this vulnerability to leak and compromise SMM memory, potentially resulting in arbitrary code execution within the System Management Mode (SMM). Organizations utilizing affected AMD products are advised to review and mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CurieM-WFG9B OTA-CurieM-B-BIOS-2.28

References

https://www.huawei.com/en/psirt/security-advisories/2024/...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 28, 2024
Vulnerability Reserved
Mar 21, 2024

JSON

Huawei

What is CVE-2023-52712?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.