CVE-2024-33657 — Improper Input Validation in Aptiov

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 62.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

AMI Aptiov AMI Aptio V

Timeline

PublishedAug 21

Description

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5ami/aptiovBKS_5.0 — 5.36

▶NVDami/aptio_v5.0 — 5.36

🔴Vulnerability Details

GHSA

GHSA-8fgq-vqp8-467c: This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information↗2024-08-21

▶

CVEList

Smm Callout in SmmComputrace Module↗2024-08-21

▶