CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published - #CVE-2024-36877
A critical vulnerability identified as CVE-2024-36877 has been discovered in MSI motherboards with Intel 300 or later, as well as AM4 and AM5 chipsets. This flaw resides in the System Management Mode (SMM) handler, potentially allowing attackers to execute arbitrary code due to a buffer overflow in the SMM driver. The vulnerability has received a CVSS score of 8.2, signifying a high level of severity. Security researcher Jared Jensen has provided technical details and a proof-of-concept exploit, urging immediate action for mitigation. MSI has acknowledged the problem and is in the process of releasing BIOS updates to fix the issue. Users are strongly advised to update their BIOS from MSI's official website or other trusted sources to ensure firmware integrity.