Huawei Curiem-Wfg9B vulnerabilities

5 known vulnerabilities affecting huawei/curiem-wfg9b.

Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5

Vulnerabilities

Page 1 of 1
CVE-2023-52547HIGHCVSS 7.8vOTA-CurieM-BIOS-2.292024-05-28
CVE-2023-52547 [HIGH] CWE-130 CVE-2023-52547: Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword S Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
cvelistv5nvd
CVE-2023-52710HIGHCVSS 7.8vOTA-CurieM-BIOS-2.292024-05-28
CVE-2023-52710 [HIGH] CWE-754 CVE-2023-52710: Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been pro Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM.
cvelistv5nvd
CVE-2023-52548HIGHCVSS 7.8vOTA-CurieM-B-BIOS-2.282024-05-28
CVE-2023-52548 [HIGH] CWE-119 CVE-2023-52548: Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of Thi Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM
cvelistv5nvd
CVE-2023-52711HIGHCVSS 7.8vCurieM-WFG9B BIOS 2.282024-05-28
CVE-2023-52711 [HIGH] CWE-284 CVE-2023-52711: Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to by Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM
cvelistv5nvd
CVE-2023-52712HIGHCVSS 7.8vOTA-CurieM-B-BIOS-2.282024-05-28
CVE-2023-52712 [HIGH] CWE-284 CVE-2023-52712: Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to by Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM
cvelistv5nvd