Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Published

2024-05-28T07:15:10.810

Last Modified

2025-01-17T18:29:32.770

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	huawei	curiem-wfg9b_firmware	ota-curiem-b-bios-2.28	Yes
Hardware	huawei	curiem-wfg9b	-	No

References

https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en Vendor Advisory ([email protected])
https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)