SMM Vulnerability Allows Privileged Attackers to Execute Arbitrary Code and Leak Information

CVE-2024-33657

7.8HIGH

Key Information

Vendor: Ami
Status: Aptiov
Vendor: CVE Published:; 21 August 2024

Summary

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

Affected Version(s)

AptioV <= 5.36

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 21, 2024
Vulnerability Reserved.
Apr 25, 2024

Collectors

NVD DatabaseMitre Database