Описание
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
EPSS
Процентиль: 1%
0.00009
Низкий
7.5 High
CVSS3
Дефекты
CWE-1231
Связанные уязвимости
CVSS3: 7.5
github
5 месяцев назад
Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
EPSS
Процентиль: 1%
0.00009
Низкий
7.5 High
CVSS3
Дефекты
CWE-1231