CVE-2023-52712

May 28, 2024, 12:39 p.m.

7.8
High

Description

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

Product(s) Impacted

Product Versions
UNKNOWN
  • []
AMD Platform Security Processor (PSP)
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en

Tags

CWE-284
psirt@huawei.com
2024-05-28
CVE-2023-52712

CVSS Score

7.8 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: May 28, 2024, 7:15 a.m.
Last Modified: May 28, 2024, 12:39 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@huawei.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.