A high-severity vulnerability exists in multiple products from Improper due to flawed validation of computer memory module metadata. An attacker with privileged or physical access could exploit this flaw to bypass fundamental system security barriers, leading to arbitrary code execution at the firmware level and a complete compromise of the affected system.

The vulnerability stems from improper input validation of Serial Presence Detect (SPD) metadata on Dual In-line Memory Modules (DIMMs). The system's firmware fails to properly sanitize the data it reads from the DIMM's SPD chip during boot. An attacker can exploit this by using one of several methods:

1. Physical Access: Modifying the SPD data on a physical DIMM and inserting it into the target system.
2. Ring0 (Kernel-level) Access: On a system with a non-compliant DIMM, an attacker who has already achieved kernel-level access may be able to interact with the DIMM to trigger the vulnerability.
3. Compromised Update Mechanism: Gaining control over the Root of Trust for BIOS/UEFI updates to manipulate how SPD data is processed.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation could lead to a complete and persistent compromise of affected systems. An attacker with SMM-level access can bypass all operating system security controls, install undetectable malware (firmware rootkits), exfiltrate sensitive data directly from memory, and disable hardware-based security features. The business risks include loss of data confidentiality and integrity, prolonged system downtime, reputational damage, and the potential for the compromised system to be used as a pivot point for further attacks within the network.

Immediate Action: Identify all affected assets and apply the security updates provided by the vendor immediately. Prioritize patching for critical systems, internet-facing servers, and systems in physically accessible locations.

Proactive Monitoring: Monitor for signs of exploitation, including unexpected system reboots, crashes during the boot process, or unauthorized modifications to firmware. Review system and security logs for evidence of privilege escalation that could lead to ring0 access, which is a prerequisite for some attack vectors. Employ firmware integrity monitoring tools to detect unauthorized changes.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Enforce strict physical security policies for all assets to prevent unauthorized hardware access.
• Implement the principle of least privilege and robust access controls to prevent attackers from gaining ring0/kernel-level access on systems.
• Secure the BIOS/UEFI update process by enabling signed firmware updates and password-protecting firmware settings to prevent unauthorized modifications.

Public Exploit Available: false

Given the high severity (CVSS 7.5) and the potential for a complete, persistent system compromise, we recommend that organizations prioritize applying the vendor-supplied patches to all affected systems. Although this vulnerability is not currently listed on the CISA KEV list, its impact is critical. Organizations should also review and enhance their physical security controls and internal access management policies to mitigate the non-patchable attack vectors associated with this vulnerability.