CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.insyde.com/security-pledge/SA-2023067
https://www.insyde.com/security-pledge/SA-2023067

Configurations

No configuration.

History

21 Nov 2024, 08:30

Type	Values Removed	Values Added
References	~~() https://www.insyde.com/security-pledge/SA-2023067 -~~	() https://www.insyde.com/security-pledge/SA-2023067 -

20 Nov 2024, 16:35

Type	Values Removed	Values Added
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.3

26 Apr 2024, 12:58

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-26 03:15

Updated : 2024-11-21 08:30

NVD link : CVE-2023-47252

Mitre link : CVE-2023-47252

CVE.ORG link : CVE-2023-47252

JSON object : View

Products Affected

No product.

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-47252", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2024-04-26T03:15:06.617", "references": [{"url": "https://www.insyde.com/security-pledge/SA-2023067", "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2023067", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en PnpSmm en Insyde InsydeH2O con kernel 5.0 a 5.6. Existe un posible acceso fuera de los l\u00edmites en el b\u00fafer de comunicaci\u00f3n SMM, lo que lleva a una manipulaci\u00f3n. Las subfunciones SMI relacionadas con PNP no verifican el tama\u00f1o de los datos antes de obtenerlos del b\u00fafer de comunicaci\u00f3n, lo que podr\u00eda llevar a posibles circunstancias en las que los datos que siguen inmediatamente al b\u00fafer de comando podr\u00edan destruirse con un valor fijo. Esto se solucion\u00f3 en el kernel 5.2 v05.28.45, el kernel 5.3 v05.37.45, el kernel 5.4 v05.45.45, el kernel 5.5 v05.53.45 y el kernel 5.6 v05.60.45."}], "lastModified": "2024-11-21T08:30:03.193", "sourceIdentifier": "cve@mitre.org"}