CVE-2023-52712

HIGH

Huawei Curiem-WFG9B Firmware - Improper Access Control via Exposed SMI Handler

Title source: llm

Description

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM

References (1)

Core 1

Core References

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 0.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (1)

huawei/curiem-wfg9b_firmware ota-curiem-b-bios-2.28

Published May 28, 2024

Tracked Since Feb 18, 2026