CVE-2023-52711

Published May 28, 2024

Last updated 4 months ago

CVSS high 7.8

Overview

Description: Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM
Source: psirt@huawei.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@huawei.com: CWE-284
nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:curiem-wfg9b_bios_2.28:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EEA4852-6B9E-4FC0-A789-763EC2FCE6D4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References