CVE-2024-33657 HIGH

CVE-2024-33657: Smm Callout in SmmComputrace Module

Vendor Ami

Product AptioV

Weakness CWE-20 · Input validation

Published August 21, 2024

Last update August 22, 2024

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

Key dates

02Disclosure timeline

August 21, 2024 CVE published

August 22, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-33657

Related vulnerabilities

04Related CVE

CVE-2024-1378 Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Mangement Console CVE-2023-28040 CVE-2023-36406 Windows Hyper-V Information Disclosure Vulnerability CVE-2018-0416 Cisco Wireless LAN Controller Software Information Disclosure Vulnerability CVE-2020-3577 Cisco Firepower Threat Defense Software Inline Pair/Passive Mode Denial of Service Vulnerability