An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Not Applicable |
https://www.insyde.com/security-pledge/SA-2023055 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-11-02T00:00:00
Updated: 2023-11-02T21:09:36.535225
Reserved: 2023-07-27T00:00:00
Link: CVE-2023-39283
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-02T22:15:09.070
Modified: 2023-11-10T04:12:27.713
Link: CVE-2023-39283
JSON object: View
Redhat Information
No data.
CWE