Lucene search
MitreCVE-2023-28468HistoryAug 03, 2023 - 3:15 p.m.
CVE-2023-28468
2023-08-0315:15:20
CWE-863
mitre
web.nvd.nist.gov
25
cve-2023-28468
insyde insydeh2o
fvbservicesruntimedxe
smm module
smi handler
spi flash
nvd
CVSS3
6.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
Affected configurations
Node
insydekernelRange5.0–5.5
Related
prion
prion
Code injection
2023-08-03 15:15:00
cvelist
cvelist
CVE-2023-28468
2023-08-03 00:00:00
nvd
nvd
CVE-2023-28468
2023-08-03 15:15:20
CVSS3
6.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-28468