CVE-2023-47252
Last modified
CVE-2023-47252 is a medium-severity vulnerability rated 6.3/10 on the CVSS scale. An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Kernel | >= 5.2, < 5.28.45 |
| Insyde | Kernel | >= 5.3, < 5.37.45 |
| Insyde | Kernel | >= 5.4, < 5.45.45 |
| Insyde | Kernel | >= 5.5, < 5.53.45 |
| Insyde | Kernel | >= 5.6, < 5.60.45 |
References
- https://www.insyde.com/security-pledge/SA-2023067Vendor Advisory
- https://www.insyde.com/security-pledge/SA-2023067Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2023-47252?
How severe is CVE-2023-47252?
How do I fix CVE-2023-47252?
Are you affected by CVE-2023-47252?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST