CVE-2023-47252

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.

CVSS v3 6.3 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.insyde.com/security-pledge/SA-2023067	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023067	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-04-26 03:15

Updated : 2025-07-29 23:30

NVD link : CVE-2023-47252

Mitre link : CVE-2023-47252

CVE.ORG link : CVE-2023-47252

JSON object : View

Products Affected

insyde

kernel

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-47252", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2024-04-26T03:15:06.617", "references": [{"url": "https://www.insyde.com/security-pledge/SA-2023067", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.insyde.com/security-pledge/SA-2023067", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en PnpSmm en Insyde InsydeH2O con kernel 5.0 a 5.6. Existe un posible acceso fuera de los l\u00edmites en el b\u00fafer de comunicaci\u00f3n SMM, lo que lleva a una manipulaci\u00f3n. Las subfunciones SMI relacionadas con PNP no verifican el tama\u00f1o de los datos antes de obtenerlos del b\u00fafer de comunicaci\u00f3n, lo que podr\u00eda llevar a posibles circunstancias en las que los datos que siguen inmediatamente al b\u00fafer de comando podr\u00edan destruirse con un valor fijo. Esto se solucion\u00f3 en el kernel 5.2 v05.28.45, el kernel 5.3 v05.37.45, el kernel 5.4 v05.45.45, el kernel 5.5 v05.53.45 y el kernel 5.6 v05.60.45."}], "lastModified": "2025-07-29T23:30:00.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320B2C06-0E63-4FEE-A4FB-B3D027C24E3B", "versionEndExcluding": "5.28.45", "versionStartIncluding": "5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5434B021-B301-4772-8C7B-D4D9492398FE", "versionEndExcluding": "5.37.45", "versionStartIncluding": "5.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FDF9C10-222D-4FD2-9223-9BFA7A049250", "versionEndExcluding": "5.45.45", "versionStartIncluding": "5.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A0AB4F1-36B4-4FFC-909B-1AB1316F0EEC", "versionEndExcluding": "5.53.45", "versionStartIncluding": "5.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC415C8D-E177-4927-ADB7-D98BF53540C6", "versionEndExcluding": "5.60.45", "versionStartIncluding": "5.6"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}