CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
References
Configurations

Configuration 1 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

History

09 Aug 2023, 20:48

Type Values Removed Values Added
References (MISC) https://www.insyde.com/security-pledge - (MISC) https://www.insyde.com/security-pledge - Not Applicable
References (MISC) https://www.insyde.com/security-pledge/SA-2023039 - (MISC) https://www.insyde.com/security-pledge/SA-2023039 - Vendor Advisory
CWE CWE-863
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CPE cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

03 Aug 2023, 15:37

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-03 15:15

Updated : 2024-02-05 00:01


NVD link : CVE-2023-28468

Mitre link : CVE-2023-28468

CVE.ORG link : CVE-2023-28468


JSON object : View

Products Affected

insyde

  • kernel
CWE
CWE-863

Incorrect Authorization