CVE-2023-39283

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.insyde.com/security-pledge	Not Applicable
https://www.insyde.com/security-pledge/SA-2023055	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22:::::::*
	cpe:2.3:a:insyde:insydeh2o:5.6:::::::*
	cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22:::::::*

History

10 Nov 2023, 04:12

Type	Values Removed	Values Added
First Time		Insyde insydeh2o Insyde
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-787
References	~~(MISC) https://www.insyde.com/security-pledge -~~	(MISC) https://www.insyde.com/security-pledge - Not Applicable
References	~~(MISC) https://www.insyde.com/security-pledge/SA-2023055 -~~	(MISC) https://www.insyde.com/security-pledge/SA-2023055 - Vendor Advisory
CPE		cpe:2.3:a:insyde:insydeh2o:5.6:::::::* cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22:::::::* cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22:::::::* cpe:2.3:a:insyde:insydeh2o::::::::

02 Nov 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-02 22:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-39283

Mitre link : CVE-2023-39283

CVE.ORG link : CVE-2023-39283

JSON object : View

Products Affected

insyde

insydeh2o

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-39283", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-02T22:15:09.070", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2023055", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation."}, {"lang": "es", "value": "Una vulnerabilidad de corrupci\u00f3n de memoria SMM en el controlador SMM (SMRAM write) en CsmInt10HookSmm en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a atacantes enviar datos arbitrarios a SMM, lo que podr\u00eda conducir a una escalada de privilegios."}], "lastModified": "2023-11-10T04:12:27.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D301572D-C5C6-41F1-A5D2-41F07E0FC15D", "versionEndIncluding": "5.5", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EA483CB-E835-40C9-8DE0-6B2DB2A2D736"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D36B269-1168-4287-8F11-F5DFE8B23A5E"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ECB2B5B-C312-479F-8BAE-9B98E5DD5CD7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}