CVE-2023-39281
01.11.2023, 22:15
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| insyde | insydeh2o | 05.45.24.0039 |
| insyde | insydeh2o | 05.44.45.0017 |
| insyde | insydeh2o | 05.44.34.0055 |
| insyde | insydeh2o | 05.53.28.0013 |
| insyde | insydeh2o | 05.45.38.0005 |
| insyde | insydeh2o | 05.53.23.0011 |
| insyde | insydeh2o | 05.53.23.0014 |
| insyde | insydeh2o | 05.53.22.0008 |
| insyde | insydeh2o | 05.44.30.0022 |
| insyde | insydeh2o | 05.43.06.0021 |
| insyde | insydeh2o | 05.42.37.0031 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| insyde | insydeh20 | 5.0 ≤ 𝑥 ≤ 5.5 | ADP |
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).