Skip to main content

Write-what-where Condition

CVE-2024-36877

Severity High
Score 8.2/10

Summary

Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700.

  • LOW
  • LOCAL
  • HIGH
  • CHANGED
  • NONE
  • HIGH
  • HIGH
  • HIGH

CWE-123 - Write-what-where Condition

Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.

References

Advisory Timeline

  • Published