CVE-2024-36877

Name of the Vulnerable Software and Affected Versions Micro-Star International Z-series motherboards versions Z590, Z490, and Z790 Micro-Star International B-series motherboards versions B760, B560, B660, and B460 Micro-Star International motherboards with firmware 7D25v14, 7D25v17 through 7D25v19, and 7D25v1A through 7D25v1H

Description A write-what-where condition was discovered in the SW handler for SMI 0xE3 in the System Management Mode (SMM) driver of Micro-Star International motherboards. This issue can allow threat actors to execute code and install bootkits on affected systems. The affected motherboards include those with Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600, and AMD 700 chipsets.

Recommendations For Micro-Star International Z-series motherboards versions Z590, Z490, and Z790 with firmware 7D25v14, 7D25v17 through 7D25v19, and 7D25v1A through 7D25v1H, update the firmware to a version that contains the fix for this issue. For Micro-Star International B-series motherboards versions B760, B560, B660, and B460 with firmware 7D25v14, 7D25v17 through 7D25v19, and 7D25v1A through 7D25v1H, update the firmware to a version that contains the fix for this issue. As a temporary workaround, consider disabling the SMM driver until a patch is available. Restrict access to the SW handler for SMI 0xE3 to minimize the risk of exploitation.