Lucene search
MitreCVE-2023-39283HistoryNov 02, 2023 - 10:15 p.m.
CVE-2023-39283
2023-11-0222:15:09
CWE-787
mitre
web.nvd.nist.gov
38
cve-2023-39283
smm memory corruption
insyde insydeh2o
privilege escalation
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0
Percentile
9.0%
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
Affected configurations
Node
insydeinsydeh2oRange5.0–5.5
ORinsydeinsydeh2oMatch5.5.05.53.22
ORinsydeinsydeh2oMatch5.6
ORinsydeinsydeh2oMatch5.6.05.60.22
| Vendor | Product | Version | CPE |
|---|---|---|---|
| insyde | insydeh2o | * | cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* |
| insyde | insydeh2o | 5.5.05.53.22 | cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22:*:*:*:*:*:*:* |
| insyde | insydeh2o | 5.6 | cpe:2.3:a:insyde:insydeh2o:5.6:*:*:*:*:*:*:* |
| insyde | insydeh2o | 5.6.05.60.22 | cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2023-39283
2023-11-02 22:15:09
cvelist
cvelist
CVE-2023-39283
2023-11-02 00:00:00
prion
prion
Memory corruption
2023-11-02 22:15:00
vulnrichment
vulnrichment
CVE-2023-39283
2023-11-02 00:00:00
nessus
nessus
Debian DLA-3654-1 : freerdp2 - LTS security update
2023-11-17 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3654-1)
2023-11-20 00:00:00
debian
debian
[SECURITY] [DLA 3654-1] freerdp2 security update
2023-11-17 17:35:06
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-39283