CVE-2023-28468
First published: Thu Aug 03 2023(Updated: )
An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insyde Kernel | >=5.0<=5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-28468.
What is the severity of CVE-2023-28468?
The severity of CVE-2023-28468 is medium with a severity value of 6.5.
What software is affected by CVE-2023-28468?
The Insyde Kernel versions 5.0 through 5.5 are affected by CVE-2023-28468.
How can an attacker exploit CVE-2023-28468?
An attacker can exploit CVE-2023-28468 by interacting with the SPI flash at run-time from the OS through the SMI handler exposed by the FvbServicesRuntimeDxe SMM module.
Are there any references available for CVE-2023-28468?
Yes, you can find references for CVE-2023-28468 at the following links: [link1](https://www.insyde.com/security-pledge/SA-2023039), [link2](https://www.insyde.com/security-pledge).
- collector/nvd-latest
- collector/nvd-api
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/insyde
- canonical/insyde kernel
- version/insyde kernel/5.0
- version/insyde kernel/5.5