CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published
MSI, a leading manufacturer of computer hardware, has recently disclosed a critical vulnerability, tracked as CVE-2024-36877, that affects a wide range of its motherboards. The vulnerability, residing in the System Management Mode (SMM) handler, could allow attackers to execute arbitrary code on affected systems, potentially leading to full system compromise.
System Management Mode (SMM) is a highly privileged operating mode of x86 processors whose code is supplied by the system firmware and runs outside the operating system's view and control. It handles critical tasks such as power management and system updates, making it an attractive target for attackers. The vulnerability discovered in MSI motherboards stems from a buffer overflow in the SMM driver, which can be exploited to inject and execute malicious code.
The vulnerability affects MSI motherboards equipped with Intel 300 or later chipsets, as well as those on AMD's AM4 and AM5 platforms. This translates to a significant number of systems potentially at risk. The severity of the vulnerability is underscored by its CVSS score of 8.2, classifying it as “High” severity.
Security researcher Jared Jensen, credited with discovering the flaw, has publicly released technical details and proof-of-concept exploit code. This makes it imperative for users to take immediate action to mitigate the risk.
MSI has acknowledged the vulnerability and is actively working on BIOS updates to address the issue. While BIOS updates for some chipsets, such as Intel 300, 400, 500, and AMD 300, 400, and 500, have been completed, updates for Intel 600, Intel 700, and AMD 600 chipsets are still in progress.
To mitigate the risks associated with CVE-2024-36877, MSI advises all users of affected motherboards to update their BIOS as soon as possible. Users should download BIOS updates exclusively from MSI’s official website or other trusted sources to ensure the integrity of the firmware.