CVE-2024-36354 · High
CVSS: 7.5 (High)
EPSS: 0.00 · p4
Published: 2024-01-01
Updated: 2024-01-01
Description
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
Tags · CWE
CWE-1231
CWE-1231 · Base · Stable
Improper Prevention of Lock Bit Modification
The product uses a trusted lock bit for restricting access to registers, address regions, or other resources, but the product does not prevent the value of the lock bit from being modified after it has been set.
https://cwe.mitre.org/data/definitions/1231.html
CAPEC-680 · Detailed · Draft
Exploitation of Improperly Controlled Registers
https://capec.mitre.org/data/definitions/680.html
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Timeline
2024-01-01 · Published
2024-01-01 · Updated
CVSS 3.1 breakdown
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): High (H)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality Impact (C): High (H)
Integrity Impact (I): High (H)
Availability Impact (A): High (H)
Exploit indicators
EPSS: 0.002 · p4
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.