CVE-2023-39284

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 2, 2023
Updated: Nov 15, 2023

Summary

CVE-2023-39284 is a vulnerability affecting Insyde's InsydeH2O BIOS with kernel versions 5.0 through 5.5. The issue lies in the IhisiServicesSmm module, where the SMI handler uses unsanitized arguments, enabling arbitrary calls to the SetVariable function. Attackers could exploit this vulnerability to gain unauthorized system access or execute malicious code during the BIOS initialization process.
