CVE-2023-27373

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:insyde:insydeh2o:5.0:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.1:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*

History

15 Aug 2023, 14:29

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
First Time Insyde
Insyde insydeh2o
References (MISC) https://www.insyde.com/security-pledge/SA-2023035 - (MISC) https://www.insyde.com/security-pledge/SA-2023035 - Vendor Advisory
CPE cpe:2.3:a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.1:*:*:*:*:*:*:*
cpe:2.3:a:insyde:insydeh2o:5.0:*:*:*:*:*:*:*
CWE CWE-20

07 Aug 2023, 15:41

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-07 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-27373

Mitre link : CVE-2023-27373

CVE.ORG link : CVE-2023-27373


JSON object : View

Products Affected

insyde

  • insydeh2o
CWE
CWE-20

Improper Input Validation