CVE-2024-33656 HIGH

CVE-2024-33656: Memory Leak in SmmComuptrace Module

Vendor Ami

Product AptioV

Weakness CWE-269

Published August 21, 2024

Last update August 21, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms

Key dates

02Disclosure timeline

August 21, 2024 CVE published

August 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-33656

Related vulnerabilities

04Related CVE

CVE-2020-25194 MOXA NPort IAW5000A-I/O Series CVE-2023-41957 WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass CVE-2023-48419 An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoP CVE-2024-9002