CVE-2023-30738 - OpenCVE

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy Book Odyssey Galaxy Book Pro 360 Firmware Galaxy Book Firmware Galaxy Book Galaxy Book Pro 360 Galaxy Book Odyssey Firmware Galaxy Book Pro Galaxy Book Pro Firmware

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_book_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_book:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:samsung:galaxy_book_pro_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_book_pro:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:samsung:galaxy_book_pro_360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_book_pro_360:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:samsung:galaxy_book_odyssey_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_book_odyssey:-:*:*:*:*:*:*:*

References

Link	Resource
https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Samsung Mobile

Published: 2023-10-04T03:02:51.481Z

Updated: 2023-10-04T03:02:51.481Z

Reserved: 2023-04-14T01:59:51.141Z

Link: CVE-2023-30738

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-04T04:15:13.733

Modified: 2023-11-07T04:14:04.310

Link: CVE-2023-30738

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_book_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D007B248-661D-4E53-A0C0-F3C49ED9540A", "versionEndExcluding": "oct-2023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_book:-:*:*:*:*:*:*:*", "matchCriteriaId": "4356A941-2FF9-4A68-8EF5-AB86576017DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_book_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D675EEE1-9A38-4667-9AE5-31FF8882603E", "versionEndExcluding": "oct-2023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_book_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3A9C42E-F053-4C74-9248-33DAABF550F8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_book_pro_360_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54974A58-DD3F-4088-BF2F-D150565B8FE3", "versionEndExcluding": "oct-2023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_book_pro_360:-:*:*:*:*:*:*:*", "matchCriteriaId": "4662A977-BFA4-41F0-95D9-BB0D8B077D66", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_book_odyssey_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACBF7D53-8DAF-4853-92EE-298726BD0789", "versionEndExcluding": "oct-2023", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_book_odyssey:-:*:*:*:*:*:*:*", "matchCriteriaId": "402463AD-A75B-4127-BBE9-24AABEE40817", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption."}, {"lang": "es", "value": "Una validaci\u00f3n de entrada incorrecta en el firmware UEFI antes del lanzamiento de la actualizaci\u00f3n de firmware de octubre de 2023 en Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 y Galaxy Book Odyssey permite a un atacante local ejecutar corrupci\u00f3n de memoria SMM."}], "id": "CVE-2023-30738", "lastModified": "2023-11-07T04:14:04.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "mobile.security@samsung.com", "type": "Secondary"}]}, "published": "2023-10-04T04:15:13.733", "references": [{"source": "mobile.security@samsung.com", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10"}], "sourceIdentifier": "mobile.security@samsung.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}