CVE-2023-39283

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 2, 2023
Updated: Nov 10, 2023
CWE ID 787

Summary

CVE-2023-39283 is a serious vulnerability affecting the SMM (System Management Mode) driver, specifically the SMRAM (System Management RAM) write function in CsmInt10HookSmm of Insyde InsydeH2O, for Linux kernels 5.0 to 5.5. This issue allows malicious actors to corrupt SMM memory, enabling them to inject arbitrary data into the SMM environment. Successful exploitation could result in privilege escalation, giving attackers elevated system access and potentially leading to further compromises.
