CVE-2024-36877 in MSI Motherboards Opens Door to Code Execution Attacks, PoC Published
A critical vulnerability identified as CVE-2024-36877 has been discovered in MSI motherboards, specifically affecting those with Intel 300 or later chipsets and AM4 and AM5 chipsets. This vulnerability is located in the System Management Mode (SMM) handler of the motherboards, which is responsible for managing critical system tasks. Due to a buffer overflow in the SMM driver, attackers could potentially execute arbitrary code on the affected systems, leading to a complete system compromise. The vulnerability has been given a CVSS score of 8.2, indicating a high severity level. Security researcher Jared Jensen has released technical details and a proof-of-concept exploit, urging immediate action to mitigate the risk. MSI has acknowledged the issue and is in the process of releasing BIOS updates for the affected chipsets to address the vulnerability. Users are advised to update their BIOS using downloads from MSI's official website or other trusted sources to ensure firmware integrity. CVEs: CVE-2024-36877 [View Article](https://securityonline.info/cve-2024-36877-in-msi-motherboards-opens-door-to-code-execution-attacks-poc-published/)