CVE-2023-52711

HIGH

Huawei Curiem-wfg9b Firmware - Memory Leak

Title source: rule

Description

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-en

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-284 CWE-401

Status published

Affected Products (1)

huawei/curiem-wfg9b_firmware

Timeline

Published May 28, 2024

Tracked Since Feb 18, 2026