Auto-Update: 2024-05-28T08:00:46.061917+00:00

CVE-2022/CVE-2022-486xx/CVE-2022-48681.json

@@ -2,7 +2,7 @@
   "id": "CVE-2022-48681",
   "sourceIdentifier": "psirt@huawei.com",
   "published": "2024-05-28T04:15:08.623",
-  "lastModified": "2024-05-28T04:15:08.623",
+  "lastModified": "2024-05-28T07:15:08.470",
   "vulnStatus": "Received",
   "descriptions": [
     {
@@ -47,6 +47,10 @@
     }
   ],
   "references": [
+    {
+      "url": "https://https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-samovishss-28e21e39-en",
+      "source": "psirt@huawei.com"
+    },
     {
       "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-samovishss-28e21e39-cn",
       "source": "psirt@huawei.com"

CVE-2023/CVE-2023-525xx/CVE-2023-52547.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-52547",
+  "sourceIdentifier": "psirt@huawei.com",
+  "published": "2024-05-28T07:15:08.930",
+  "lastModified": "2024-05-28T07:15:08.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@huawei.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@huawei.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-130"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en",
+      "source": "psirt@huawei.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-525xx/CVE-2023-52548.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-52548",
+  "sourceIdentifier": "psirt@huawei.com",
+  "published": "2024-05-28T07:15:09.753",
+  "lastModified": "2024-05-28T07:15:09.753",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@huawei.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@huawei.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-cn",
+      "source": "psirt@huawei.com"
+    },
+    {
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-en",
+      "source": "psirt@huawei.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-527xx/CVE-2023-52710.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-52710",
+  "sourceIdentifier": "psirt@huawei.com",
+  "published": "2024-05-28T07:15:10.100",
+  "lastModified": "2024-05-28T07:15:10.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn\u2019t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@huawei.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@huawei.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-754"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en",
+      "source": "psirt@huawei.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-527xx/CVE-2023-52711.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-52711",
+  "sourceIdentifier": "psirt@huawei.com",
+  "published": "2024-05-28T07:15:10.490",
+  "lastModified": "2024-05-28T07:15:10.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@huawei.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@huawei.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-en",
+      "source": "psirt@huawei.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-527xx/CVE-2023-52712.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-52712",
+  "sourceIdentifier": "psirt@huawei.com",
+  "published": "2024-05-28T07:15:10.810",
+  "lastModified": "2024-05-28T07:15:10.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@huawei.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@huawei.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en",
+      "source": "psirt@huawei.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-05-28T06:00:37.935905+00:00
+2024-05-28T08:00:46.061917+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-05-28T04:15:08.623000+00:00
+2024-05-28T07:15:10.810000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-251890
+251895
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `5`
 
-- [CVE-2022-48681](CVE-2022/CVE-2022-486xx/CVE-2022-48681.json) (`2024-05-28T04:15:08.623`)
+- [CVE-2023-52547](CVE-2023/CVE-2023-525xx/CVE-2023-52547.json) (`2024-05-28T07:15:08.930`)
+- [CVE-2023-52548](CVE-2023/CVE-2023-525xx/CVE-2023-52548.json) (`2024-05-28T07:15:09.753`)
+- [CVE-2023-52710](CVE-2023/CVE-2023-527xx/CVE-2023-52710.json) (`2024-05-28T07:15:10.100`)
+- [CVE-2023-52711](CVE-2023/CVE-2023-527xx/CVE-2023-52711.json) (`2024-05-28T07:15:10.490`)
+- [CVE-2023-52712](CVE-2023/CVE-2023-527xx/CVE-2023-52712.json) (`2024-05-28T07:15:10.810`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2022-48681](CVE-2022/CVE-2022-486xx/CVE-2022-48681.json) (`2024-05-28T07:15:08.470`)
 
 
 ## Download and Usage

_state.csv

@@ -211981,7 +211981,7 @@ CVE-2022-48673,0,0,9605618fa7597ed94995f84a27fb057932599afff122e438d60e99636f587
 CVE-2022-48674,0,0,fa42813fe90b0585e3ad673a0800f86f62acc80eb213e88f44bacff6d05e9fd4,2024-05-23T19:36:25.633000
 CVE-2022-48675,0,0,ffdc7ff07043ff8d904f74a8a1b71fad7bff2a559dea9c5bb178531131fc30c0,2024-05-23T20:33:42.183000
 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000
-CVE-2022-48681,1,1,ee619af1bd07e9b0f3c69adf1f3dc953c80ca076d732216baf0619655c890970,2024-05-28T04:15:08.623000
+CVE-2022-48681,0,1,9e7073e34e9e8c7a99139e60cad321857fdd2e4e9eedbb45eeb8252f3a098e62,2024-05-28T07:15:08.470000
 CVE-2022-48682,0,0,a9e8566df4d423615eab0842eba8f88c67d4de5de15c1876586d34ed294d4bbf,2024-04-26T12:58:17.720000
 CVE-2022-48684,0,0,183793e4ba2f09101fce115e434fee8cb8ff9c6a4ec46d5771edf2b59c69d11d,2024-04-29T12:42:03.667000
 CVE-2022-48685,0,0,ffa3e1d85b1e2d4bd3c19f046cb04890a395016777f2401ecc051ad5f33c92b4,2024-04-29T12:42:03.667000
@@ -238040,6 +238040,8 @@ CVE-2023-52543,0,0,96cbb9c63e763444820892c7ea5efee2df71c41bd28581892639f66a6a56d
 CVE-2023-52544,0,0,b8f9dfcd8e084326549a47e222528becd132d7752a5bb142236d04dce4e2e08e,2024-04-08T18:48:40.217000
 CVE-2023-52545,0,0,f8ad27aae442eed0a3dd2f998164c3c106828ee316ba6775ec94c0b831b59e4e,2024-04-08T18:48:40.217000
 CVE-2023-52546,0,0,98e83b458ee5ccf9e1559640eef1a61ae796d230ceddac590d5e3e1ef188ba7c,2024-04-08T18:48:40.217000
+CVE-2023-52547,1,1,0c25c96425d4fb800aef08164a588490bcdbd5daab74053d2a77671003a413c7,2024-05-28T07:15:08.930000
+CVE-2023-52548,1,1,65cde8d41632d15c891d7017055fc731391545a45ba91bf7f51b02299f87349d,2024-05-28T07:15:09.753000
 CVE-2023-52549,0,0,064dba9aa8a5e58753593db89b3a8652ddfce895e5228c52376f3a9b60547bd3,2024-04-08T18:48:40.217000
 CVE-2023-5255,0,0,7b00041b943da6551d182c3ce2fdbb603d656d59887e0f5b6c6238fdb452d7ad,2023-10-05T16:48:26.820000
 CVE-2023-52550,0,0,0ed3b46b04f5be2ab55ecd4fa9e7b72bd0bb7ac1ab5de511ef41abd80f8d8ea5,2024-04-08T18:48:40.217000
@@ -238217,6 +238219,9 @@ CVE-2023-52706,0,0,7d9c0c1398f25f64cb551d39aa33e70e8f9f22a240090f57c2f33850d1e43
 CVE-2023-52707,0,0,afa67acbd2d4c3b36af0fd1bf97a2513956a69e9bfe403e299f73a97c4e8e16f,2024-05-21T16:53:56.550000
 CVE-2023-52708,0,0,0cf5531d52b4f0e27229e5431a6641f8a33b6ad189d69b571295e2268c7460a8,2024-05-21T16:53:56.550000
 CVE-2023-5271,0,0,70cb4211a176d5dd405f00e1f8e768679b692805db27818df2a991a5138e8644,2024-05-17T02:32:57.007000
+CVE-2023-52710,1,1,8a3c1e11cbcd981449050bf88ec435d64257bb18299910d13d5087402394db72,2024-05-28T07:15:10.100000
+CVE-2023-52711,1,1,a6173461c367b71f9d7e53676fb7b1941cfab6c45c6e42917aec09975a7c9459,2024-05-28T07:15:10.490000
+CVE-2023-52712,1,1,d96c63e5c36fda249ee751f68e210467afbfb00c6972ca915fb3db06a558507a,2024-05-28T07:15:10.810000
 CVE-2023-52713,0,0,a82d0be4af03c7dceedf68675e47448344d098e5d4aaf1d8c272ce3767fe9c32,2024-04-08T18:48:40.217000
 CVE-2023-52714,0,0,991cd44d006c1b2366208e786d7d4a500460a04aecbaa12bc932d9b06456d878,2024-04-08T18:48:40.217000
 CVE-2023-52715,0,0,820cbdfbd6db2c6b83279badddd26d2af4801521939e0773de26b1e63304abe5,2024-04-08T18:48:40.217000