An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Not Applicable |
https://www.insyde.com/security-pledge/SA-2023039 | Vendor Advisory |
Configurations
History
09 Aug 2023, 20:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.insyde.com/security-pledge - Not Applicable | |
References | (MISC) https://www.insyde.com/security-pledge/SA-2023039 - Vendor Advisory | |
CWE | CWE-863 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* |
03 Aug 2023, 15:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-03 15:15
Updated : 2024-02-05 00:01
NVD link : CVE-2023-28468
Mitre link : CVE-2023-28468
CVE.ORG link : CVE-2023-28468
JSON object : View
Products Affected
insyde
- kernel
CWE
CWE-863
Incorrect Authorization