PT-2022-3556 · Ami · Ami Aptiov

Published: 2022-04-28 · Updated: 2022-09-26 · CVE-2022-26873

CVSS v3.1: 8.2 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: AMI Aptio versions 5.x

Description: A potential attacker can execute arbitrary code during the PEI phase and influence subsequent boot stages, leading to bypass of mitigations, disclosure of physical memory contents, discovery of secrets from Virtual Machines (VMs), and bypass of memory isolation and confidential computing boundaries. An attacker can also build a payload to be injected into SMRAM. This issue is related to the PlatformInitAdvancedPreMem module.

Recommendations: For AMI Aptio versions 5.x, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Stack Overflow

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

BDU:2022-04340
CVE-2022-26873

Affected Products

Ami Aptiov