CVE-2023-47252

{"id": "CVE-2023-47252", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.0}]}, "published": "2024-04-26T03:15:06.617", "references": [{"url": "https://www.insyde.com/security-pledge/SA-2023067", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2023067", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en PnpSmm en Insyde InsydeH2O con kernel 5.0 a 5.6. Existe un posible acceso fuera de los l\u00edmites en el b\u00fafer de comunicaci\u00f3n SMM, lo que lleva a una manipulaci\u00f3n. Las subfunciones SMI relacionadas con PNP no verifican el tama\u00f1o de los datos antes de obtenerlos del b\u00fafer de comunicaci\u00f3n, lo que podr\u00eda llevar a posibles circunstancias en las que los datos que siguen inmediatamente al b\u00fafer de comando podr\u00edan destruirse con un valor fijo. Esto se solucion\u00f3 en el kernel 5.2 v05.28.45, el kernel 5.3 v05.37.45, el kernel 5.4 v05.45.45, el kernel 5.5 v05.53.45 y el kernel 5.6 v05.60.45."}], "lastModified": "2025-07-29T23:30:00.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "320B2C06-0E63-4FEE-A4FB-B3D027C24E3B", "versionEndExcluding": "5.28.45", "versionStartIncluding": "5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5434B021-B301-4772-8C7B-D4D9492398FE", "versionEndExcluding": "5.37.45", "versionStartIncluding": "5.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FDF9C10-222D-4FD2-9223-9BFA7A049250", "versionEndExcluding": "5.45.45", "versionStartIncluding": "5.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A0AB4F1-36B4-4FFC-909B-1AB1316F0EEC", "versionEndExcluding": "5.53.45", "versionStartIncluding": "5.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC415C8D-E177-4927-ADB7-D98BF53540C6", "versionEndExcluding": "5.60.45", "versionStartIncluding": "5.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}