CVE-2023-52547

Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en
https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en

Configurations

No configuration.

History

21 Nov 2024, 08:40

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en -~~	() https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en -

28 May 2024, 12:39

Type	Values Removed	Values Added
Summary		(es) Huawei Matebook D16 (Modelo: CREM-WXX9, BIOS: v2.26. Corrupción de la memoria en el controlador SMI del módulo SMM HddPassword. Un atacante malicioso del sistema operativo puede aprovechar esto para corromper las estructuras de datos almacenadas al comienzo de SMRAM y puede conducir potencialmente a Ejecución de código en SMM.

28 May 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 07:15

Updated : 2024-11-21 08:40

NVD link : CVE-2023-52547

Mitre link : CVE-2023-52547

CVE.ORG link : CVE-2023-52547

JSON object : View

Products Affected

No product.

CWE

CWE-130

Improper Handling of Length Parameter Inconsistency

7.8 /10