PT-2024-3509 · Huawei · Huawei Matebook D16

Published

2024-04-17

·

Updated

2025-01-17

·

CVE-2023-52710

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Huawei Matebook D16 (Model: CREM-WXX9, BIOS: v2.26)

Description

The vulnerability stems from insufficient validation of exceptional conditions in the UEFI (BIOS) firmware of Huawei personal computers. The size of the SMI communication buffer supplied by the operating system is not properly validated, so a buffer whose start address lies below SMRAM can still extend past the SMRAM base and partially overlap the beginning of SMRAM. A malicious OS-level attacker can use this to make an SMI handler corrupt data structures stored at the start of SMRAM, potentially leading to arbitrary code execution in System Management Mode (SMM).

Recommendations

For Huawei Matebook D16 (Model: CREM-WXX9, BIOS: v2.26), update the BIOS to a version that properly validates the communication buffer size so that the buffer cannot overlap SMRAM. Because the flaw is in the firmware's SMI handling, it cannot be patched from the operating system; until a fixed BIOS is installed, reduce exposure by restricting who can obtain the privileged OS access needed to issue SMI requests with attacker-controlled buffers.
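The flawed check and its fix, as an added example modelled in C (this is not Huawei's firmware code nor the vendor's actual patch). The memory map, SMRAM addresses, the `smi_handler` simulation and all function names are constructed and scaled down for illustration. The vulnerable variant compares only the buffer's start address against SMRAM, so a buffer that begins just below SMRAM with a large size passes and the handler's writes land on the first bytes of SMRAM; the hardened variant validates the whole range and rejects wrap-around, the same property that EDK II's `SmmIsBufferOutsideSmmValid()` enforces.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, scaled-down physical memory model for illustration only;
 * these are not the real SMRAM addresses of the CREM-WXX9. */
#define MEM_SIZE   0x2000ULL
#define SMRAM_BASE 0x1000ULL
#define SMRAM_SIZE 0x0800ULL
#define SMRAM_END  (SMRAM_BASE + SMRAM_SIZE)

static uint8_t phys_mem[MEM_SIZE];

uint8_t phys_read(uint64_t addr) { return phys_mem[addr]; }

/* Vulnerable pattern: only the start address of the OS-supplied communication
 * buffer is compared against SMRAM. A buffer that starts just below SMRAM_BASE
 * with a large size passes the check, and whatever the handler writes into it
 * lands on the first bytes of SMRAM. */
bool comm_buffer_ok_vulnerable(uint64_t addr, uint64_t size)
{
    (void)size;                                   /* size is never consulted */
    return addr < SMRAM_BASE || addr >= SMRAM_END;
}

/* Hardened check: the entire range [addr, addr + size) must lie outside
 * SMRAM and the end-address computation must not wrap around. */
bool comm_buffer_ok_fixed(uint64_t addr, uint64_t size)
{
    if (size == 0)
        return false;
    if (size > UINT64_MAX - addr)                 /* addr + size would wrap */
        return false;
    uint64_t end = addr + size;                   /* exclusive end */
    /* Disjoint from [SMRAM_BASE, SMRAM_END) iff the buffer ends at or before
     * SMRAM_BASE or starts at or after SMRAM_END. */
    return end <= SMRAM_BASE || addr >= SMRAM_END;
}

typedef bool (*comm_check_t)(uint64_t addr, uint64_t size);

/* Simulated SMI handler: validates the buffer with `check`, then fills it
 * with a response pattern. Returns how many of the bytes it wrote fell inside
 * SMRAM; a correct check keeps this at zero. */
size_t smi_handler(comm_check_t check, uint64_t addr, uint64_t size)
{
    if (!check(addr, size))
        return 0;                                 /* request rejected */
    if (size > MEM_SIZE || addr > MEM_SIZE - size)
        return 0;                                 /* outside the toy model */
    memset(phys_mem + addr, 0xAA, (size_t)size);

    size_t corrupted = 0;
    for (uint64_t a = addr; a < addr + size; a++)
        if (a >= SMRAM_BASE && a < SMRAM_END)
            corrupted++;
    return corrupted;
}

int main(void)
{
    /* Buffer starting 0x100 bytes below SMRAM with size 0x200: its second
     * half overlaps the start of SMRAM. */
    size_t bad  = smi_handler(comm_buffer_ok_vulnerable, SMRAM_BASE - 0x100, 0x200);
    size_t good = smi_handler(comm_buffer_ok_fixed,      SMRAM_BASE - 0x100, 0x200);
    printf("vulnerable check: %zu SMRAM bytes overwritten\n", bad);
    printf("fixed check:      %zu SMRAM bytes overwritten\n", good);
    return 0;
}
```

The range check is the whole fix: a buffer ending exactly at SMRAM_BASE is accepted, one byte further is rejected, and a size that would wrap the 64-bit end address is rejected outright rather than being allowed to slip past the comparison.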

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions (CWE-754)

Related Identifiers

BDU:2024-03811
CVE-2023-52710

Affected Products

Huawei Matebook D16