Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.

Published

2023-08-03T15:15:20.167

Last Modified

2024-11-21T07:55:09.023

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	insyde	kernel	≤ 5.5	Yes

References

https://www.insyde.com/security-pledge Not Applicable ([email protected])
https://www.insyde.com/security-pledge/SA-2023039 Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2023039 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)