Micro-Star International Motherboards Vulnerable to Write-What-Where Issue
CVE-2024-36877

8.2HIGH

Key Information:

Vendor: Micro-Star International
Vendor: CVE Published:; 12 August 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

Micro-Star International's Z-series and B-series motherboards are exposed to a vulnerability that impacts system integrity through a write-what-where condition in the SMI (System Management Interrupt) handler. Affected firmware versions include several iterations, specifically from 7D25v14 to 7D25v19 and 7D25v1A to 7D25v1H. This vulnerability affects multiple Intel and AMD chipsets, including Intel 300, 400, 500, 600, 700 series, and AMD 300, 400, 500, 600, 700 series. The implications of this flaw include potential unauthorized access and modification of system memory, highlighting the necessity for firmware updates to safeguard against exploitation.

News Articles

jjensn.com

CVE-2024-36877

At Home In Your Firmware: Analysis of CVE-2024-36877

How I exploited a SMM Memory Corruption Vulnerability in MSI firmware

References

https://csr.msi.com/global/product-security-advisories

https://jjensn.com/at-home-in-your-firmware/

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

👾
Exploit known to exist
Aug 15, 2024
📰
First article discovered by jjensn.com
Aug 15, 2024
Vulnerability published
Aug 12, 2024
Vulnerability Reserved
May 30, 2024

Key Information:

Badges

Summary

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

At Home In Your Firmware: Analysis of CVE-2024-36877

References

CVSS V3.1

Timeline