SMM Vulnerability Allows Privileged Attackers to Execute Arbitrary Code and Leak Information
CVE-2024-33657
7.8HIGH
Key Information:
- Vendor
- Ami
- Status
- Aptiov
- Vendor
- CVE Published:
- 21 August 2024
Summary
This vulnerability in AMI firmware relates to the System Management Mode (SMM) and affects certain firmware modules. It permits attackers with privileged access to execute arbitrary code, manipulate the stack memory, and leak sensitive information from the System Management RAM (SMRAM) to kernel space. Such exploits pose significant risks, including potential denial-of-service attacks, which could compromise system availability and integrity. Organizations utilizing affected versions of AMI firmware should prioritize applying patches and updates to mitigate these risks.
Affected Version(s)
AptioV BKS_5.0 <= 5.36
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved