An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.
References
| Link | Resource |
|---|---|
| https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
History
05 Oct 2023, 18:33
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| First Time |
Samsung galaxy Book
Samsung galaxy Book Pro 360 Samsung galaxy Book Firmware Samsung galaxy Book Odyssey Samsung galaxy Book Odyssey Firmware Samsung galaxy Book Pro Firmware Samsung galaxy Book Pro Samsung galaxy Book Pro 360 Firmware Samsung |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
| CPE | cpe:2.3:o:samsung:galaxy_book_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:samsung:galaxy_book:-:*:*:*:*:*:*:* cpe:2.3:o:samsung:galaxy_book_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:samsung:galaxy_book_pro_360:-:*:*:*:*:*:*:* cpe:2.3:o:samsung:galaxy_book_pro_360_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:samsung:galaxy_book_pro:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:galaxy_book_odyssey:-:*:*:*:*:*:*:* cpe:2.3:o:samsung:galaxy_book_odyssey_firmware:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10 - Vendor Advisory |
04 Oct 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-04 04:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-30738
Mitre link : CVE-2023-30738
CVE.ORG link : CVE-2023-30738
JSON object : View
Products Affected
samsung
- galaxy_book_odyssey
- galaxy_book_pro_firmware
- galaxy_book_odyssey_firmware
- galaxy_book_pro_360_firmware
- galaxy_book_pro_360
- galaxy_book
- galaxy_book_firmware
- galaxy_book_pro
CWE