CVE-2023-30738: Input Validation
First published: Wed Oct 04 2023(Updated: )
An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.
Credit: mobile.security@samsung.com mobile.security@samsung.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Galaxy Book Firmware | <oct-2023 | |
| Samsung Galaxy Book | ||
| Samsung Galaxy Book Pro Firmware | <oct-2023 | |
| Samsung Galaxy Book Pro | ||
| Samsung Galaxy Book Pro 360 Firmware | <oct-2023 | |
| Samsung Galaxy Book Pro 360 | ||
| Samsung Galaxy Book Odyssey Firmware | <oct-2023 | |
| Samsung Galaxy Book Odyssey |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-30738?
CVE-2023-30738 is a vulnerability that allows a local attacker to execute SMM memory corruption in UEFI Firmware prior to the October 2023 release in Samsung Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360, and Galaxy Book Odyssey.
Which software versions are affected by CVE-2023-30738?
The vulnerability affects Samsung Galaxy Book Firmware up to exclusive version October 2023, Samsung Galaxy Book Pro Firmware up to exclusive version October 2023, Samsung Galaxy Book Pro 360 Firmware up to exclusive version October 2023, and Samsung Galaxy Book Odyssey Firmware up to exclusive version October 2023.
What is the severity of CVE-2023-30738?
CVE-2023-30738 has a severity rating of 7.8 (high).
How can a local attacker exploit CVE-2023-30738?
A local attacker can exploit CVE-2023-30738 by performing improper input validation in UEFI Firmware, leading to SMM memory corruption.
How can I protect my device from CVE-2023-30738?
To protect your device from CVE-2023-30738, you should update the UEFI Firmware to the October 2023 release or a later version provided by Samsung.
- collector/nvd-api
- collector/nvd-index
- agent/type
- agent/author
- agent/softwarecombine
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/samsung
- canonical/samsung galaxy book firmware
- canonical/samsung galaxy book
- canonical/samsung galaxy book pro firmware
- canonical/samsung galaxy book pro
- canonical/samsung galaxy book pro 360 firmware
- canonical/samsung galaxy book pro 360
- canonical/samsung galaxy book odyssey firmware
- canonical/samsung galaxy book odyssey