CVE-2023-52547

Name of the Vulnerable Software and Affected Versions Huawei Matebook D16 version CREM-WXX9, BIOS v2.26

Description The issue is related to a memory corruption in the SMI Handler of the HddPassword SMM Module in the UEFI (BIOS) firmware. This can be exploited by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM, potentially leading to code execution in System Management Mode (SMM). The vulnerability is associated with errors in processing input data length parameters in the SMRAM area.

Recommendations For Huawei Matebook D16 version CREM-WXX9, BIOS v2.26, consider updating the BIOS to a version that addresses the memory corruption issue in the SMI Handler of the HddPassword SMM Module. As a temporary workaround, restrict access to the SMRAM area to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.