CVE-2023-30702

Published: Aug 10, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.

Affected (4)

Products: Samsung: Galaxy Book Go Firmware, Galaxy Book Go 5g Firmware, Galaxy Book2 Go Firmware, Galaxy Book2 Pro 360 Firmware

Samsung

4 products

Galaxy Book Go Firmware

Galaxy Book Go 5g Firmware

Galaxy Book2 Go Firmware

Galaxy Book2 Pro 360 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Galaxy Book Go Firmware	All versions

Running on/with	Platform Versions
Samsung Galaxy Book Go	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Galaxy Book Go 5g Firmware	All versions

Running on/with	Platform Versions
Samsung Galaxy Book Go 5g	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Galaxy Book2 Go Firmware	All versions

Running on/with	Platform Versions
Samsung Galaxy Book2 Go	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Galaxy Book2 Pro 360 Firmware	All versions

Running on/with	Platform Versions
Samsung Galaxy Book2 Pro 360	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=08

Source: mobile.security@samsung.com

Vendor Advisory

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=08

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.