CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
9.5%
A flaw was found in hw. Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify the SMM configuration while the SMI lock is enabled. This issue can lead to arbitrary code execution.
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.