CVE-2023-52711

Name of the Vulnerable Software and Affected Versions AmdPspP2CmboxV2 (affected versions not specified)

Description The issue is related to an exposed SMI handler in AmdPspP2CmboxV2, which can be leveraged to bypass protections put in place by previous UEFI phases, allowing direct access to the SPI flash. Additionally, it can be used to leak and corrupt SMM memory, potentially leading to code execution in SMM. The vulnerability is also associated with incorrect access control in UEFI (BIOS) firmware of personal computers, allowing an attacker to gain unauthorized access to arbitrary functions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.