CVE-2023-47252

EUVD-2023-51383

26.04.2024, 03:15

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.3 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CISA-ADP	ADP	6.3 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
insyde	kernel	5.2 ≤ 𝑥 < 5.28.45
insyde	kernel	5.3 ≤ 𝑥 < 5.37.45
insyde	kernel	5.4 ≤ 𝑥 < 5.45.45
insyde	kernel	5.5 ≤ 𝑥 < 5.53.45
insyde	kernel	5.6 ≤ 𝑥 < 5.60.45

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.insyde.com/security-pledge/SA-2023067