CVE-2023-39283

Published: Nov 2, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.

Affected (4)

Products: Insyde: Insydeh2o

Insyde

1 product

Insydeh2o

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Insyde Insydeh2o	From 5.0 to 5.5
Insyde Insydeh2o	Version 5.5.05.53.22
Insyde Insydeh2o	Version 5.6.05.60.22
Insyde Insydeh2o	Version 5.6

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://www.insyde.com/security-pledge

Source: cve@mitre.org

Not Applicable

https://www.insyde.com/security-pledge/SA-2023055

Source: cve@mitre.org

Vendor Advisory

https://www.insyde.com/security-pledge

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

https://www.insyde.com/security-pledge/SA-2023055

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.