critical
9.8
CWE
119 787 121
Advisory Published
Updated

CVE-2023-39281: Buffer Overflow

First published: Wed Nov 01 2023(Updated: )

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
All of
Any of
Intel B760
Intel C262
Intel C266
Intel Core i3-1305U
Intel Core i3-13100
Intel Core i3-13100E
Intel Core i3-13100F
Intel Core i3-13100T
Intel Core i3-13100TE
Intel Core i3-1315U
Intel Core i3-1315UE
Intel Core i3-1315UE
Intel Core i3-1320PE
Intel Core i3-1320pre
Intel Core i3-13300HE
Intel Core i3-13300HRE
Intel Core i5-1334U
Intel Core i5-1335U
Intel Core i5-1335UE
Intel Core i5-13400
Intel Core i5-13400E
Intel Core i5-13400F
Intel Core i5-13400T
Intel Core i5-1340P
Intel Core i5-1340PE
Intel Core i5-13420H
Intel Core i5-13450HX
Intel Core i5-1345U
Intel Core i5-1345UE
Intel Core i5-1345UE
Intel Core i5-13500
Intel Core i5-13500E
Intel Core i5-13500H
Intel Core i5-13500HX
Intel Core i5-13500T
Intel Core i5-13500TE
Intel Core i5-13505H
Intel Core i5-1350P
Intel Core i5-1350pe
Intel Core i5-1350pre
Intel Core i5-13600
Intel Core i5-13600H
Intel Core i5-13600HE
Intel Core i5-13600HRE
Intel Core i5-13600HX
Intel Core i5-13600K
Intel Core i5-13600KF
Intel Core i5-13600T
Intel Core i5-14600K
Intel Core i5-14600KF
Intel Core i7-1355U
Intel Core i7-1360P
Intel Core i7-13620H
Intel Core i7-13650HX
Intel Core i7-1365URE
Intel Core i7-1365URE
Intel Core i7-1365URE
Intel Core i7-1366ure
Intel Core i7-13700
Intel Core i7-13700E
Intel Core i7-13700F
Intel Core i7-13700H
Intel Core i7-13700HX
Intel Core i7-13700K
Intel Core i7-13700KF
Intel Core i7-13700T
Intel Core i7-13700TE
Intel Core i7-13705H
Intel Core i7-1370PE
Intel Core i7-1370PE
Intel Core i7-1370pre
Intel Core i7-1375pre
Intel Core i7-13800H
Intel Core i7-13800HE
Intel Core i7-13800HRE
Intel Core i7-13850HX
Intel Core i7-14700K
Intel Core i7-14700KF
Intel Core i9-13900
Intel Core i9-13900E
Intel Core i9-13900F
Intel Core i9-13900H
Intel Core i9-13900HK
Intel Core i9-13900HX
Intel Core i9-13900K
Intel core i9-13900kf
Intel Core i9-13900KS
Intel Core i9-13900T
Intel Core i9-13900TE
Intel Core i9-13905H
Intel Core i9-13950HX
Intel Core i9-13980HX
Intel Core i9-14900K
Intel Core i9-14900KF
Intel H770
Intel HM770
Intel U300
Intel U300e
Intel WM790
Intel Z790
Insyde InsydeH2O UEFI BIOS=05.45.24.0039
All of
Any of
Intel Atom x7211e
Intel Atom x7213e
intel atom x7425e
Intel Core i3-N300
Intel Core i3-N305
Intel N100
Intel N200
Intel N50
Intel N95
intel n97
Insyde InsydeH2O UEFI BIOS=05.44.45.0017
All of
Any of
Intel celeron 7300
Intel celeron 7305
Intel celeron g6900
Intel celeron g6900t
Intel core i3-12100
Intel core i3-12100f
Intel core i3-12100t
Intel core i3-1210u
Intel core i3-1215u
Intel core i3-1220p
Intel core i3-12300
Intel core i3-12300t
Intel core i5-1230u
Intel core i5-1235u
Intel core i5-12400
Intel core i5-12400f
Intel core i5-12400t
Intel core i5-1240p
Intel core i5-1240u
Intel core i5-12450h
Intel core i5-12450hx
Intel core i5-1245u
Intel Core i5-12490F
Intel core i5-12500
Intel core i5-12500h
Intel core i5-12500t
Intel core i5-1250p
Intel core i5-12600
Intel core i5-12600h
Intel core i5-12600hx
Intel core i5-12600k
Intel core i5-12600kf
Intel core i5-12600t
Intel core i7-1250u
Intel core i7-1255u
Intel core i7-1260p
Intel core i7-1260u
Intel core i7-12650h
Intel core i7-12650hx
Intel core i7-1265u
Intel core i7-12700
Intel core i7-12700f
Intel core i7-12700h
Intel core i7-12700k
Intel core i7-12700kf
Intel core i7-12700t
Intel core i7-1270p
Intel core i7-12800h
Intel core i7-12800hx
Intel core i7-1280p
Intel core i7-12850hx
Intel core i9-12900
Intel core i9-12900f
Intel core i9-12900h
Intel core i9-12900hk
Intel core i9-12900hx
Intel core i9-12900k
Intel core i9-12900kf
Intel core i9-12900ks
Intel core i9-12900t
Intel core i9-12950hx
Intel Pentium 8500
Intel Pentium 8505
Intel pentium gold g7400
Intel pentium gold g7400t
Insyde InsydeH2O UEFI BIOS=05.44.34.0055
All of
Any of
AMD Ryzen 3 7335U Firmware
AMD Ryzen 3 7440U Firmware
AMD Ryzen 5 6600H firmware
AMD Ryzen 5 6600HS Firmware
AMD Ryzen 5 6600U Firmware
AMD Ryzen 5 7535HS Firmware
AMD Ryzen 5 7535U firmware
AMD Ryzen 5 7540U
AMD Ryzen 5 7545U
AMD Ryzen 5 PRO 7640H
AMD Ryzen 5 7640U Firmware
AMD Ryzen 5 Pro 7640HS Firmware
AMD Ryzen 7 6800H Firmware
AMD Ryzen 7 6800HS firmware
AMD Ryzen 7 6800U Firmware
AMD Ryzen 7 7735HS Firmware
AMD Ryzen 7 7735U Firmware
AMD Ryzen 7 7736U
AMD Ryzen 7 Pro 7840H
AMD Ryzen 7 7840U
AMD Ryzen 7 Pro 7840HS
AMD Ryzen 9 6900HS Firmware
AMD Ryzen 9 6900HX Firmware
AMD Ryzen 9 6980HS Firmware
AMD Ryzen 9 6980HX firmware
AMD Ryzen 9 7940H
AMD Ryzen 9 7940HS
AMD Ryzen 9 Pro 7940HS
AMD Ryzen Z1
AMD Ryzen Z1 Extreme
amd v314
AMD V3C16
AMD Ryzen Embedded V3C18
AMD Ryzen Embedded V3C44
AMD Ryzen Embedded V3C48
Insyde InsydeH2O UEFI BIOS=05.53.28.0013
All of
Any of
Intel celeron 7305l
Intel core i3-1215ul
Intel core i3-12300hl
Intel core i5-1235ul
Intel core i5-1245ul
Intel core i5-12500hl
Intel core i5-12600hl
Intel core i7-1255ul
Intel core i7-1265ul
Intel core i7-12700hl
Intel core i7-12800hl
Insyde InsydeH2O UEFI BIOS=05.45.38.0005
All of
Any of
AMD Ryzen 7 7645HX
AMD Ryzen 7 7745HX Firmware
AMD Ryzen 7 7840HX
AMD Ryzen 9 7645HX3D
AMD Ryzen 9 7845HX firmware
AMD Ryzen 9 7940HX
AMD Ryzen 9 7945HX Firmware
Insyde InsydeH2O UEFI BIOS=05.53.23.0011
All of
Any of
AMD Athlon Gold 7220U
AMD Athlon Silver 7120U
AMD Ryzen 3 7320U
AMD Ryzen 5 7520u firmware
Insyde InsydeH2O UEFI BIOS=05.53.23.0014
All of
Any of
AMD Ryzen 5 7500F Firmware
AMD Ryzen 5 7600
AMD Ryzen 5 7600X
AMD Ryzen Pro 7645
AMD Ryzen 7 7700
AMD Ryzen 7 7700X
AMD Ryzen 7 7800X3D
AMD Ryzen 7 Pro 7745 Firmware
AMD Ryzen 9 7900
AMD Ryzen 9 7900X Firmware
AMD Ryzen 9 7900X3D firmware
AMD Ryzen 9 7950X
AMD Ryzen 9 7950X3D
AMD Ryzen Pro 7945
Insyde InsydeH2O UEFI BIOS=05.53.22.0008
All of
Insyde InsydeH2O UEFI BIOS=05.44.30.0022
Any of
AMD Ryzen 3 7335U Firmware
AMD Ryzen 5 6600H firmware
AMD Ryzen 5 6600HS Firmware
AMD Ryzen 5 6600U Firmware
AMD Ryzen 5 7535HS Firmware
AMD Ryzen 5 7535U firmware
AMD Ryzen 7 6800H Firmware
AMD Ryzen 7 6800HS firmware
AMD Ryzen 7 6800U Firmware
AMD Ryzen 7 7735HS Firmware
AMD Ryzen 7 7735U Firmware
AMD Ryzen 7 7736U
AMD Ryzen 9 6900HS Firmware
AMD Ryzen 9 6900HX Firmware
AMD Ryzen 9 6980HS Firmware
AMD Ryzen 9 6980HX firmware
All of
Insyde InsydeH2O UEFI BIOS=05.43.06.0021
AMD Van Gogh
All of
Insyde InsydeH2O UEFI BIOS=05.42.37.0031
Any of
AMD Ryzen 3 5100 Firmware
AMD Ryzen 3 5125C
AMD Ryzen 3 5300G Firmware
AMD Ryzen 3 5300GE Firmware
AMD Ryzen 3 5400U
AMD Ryzen 3 5425U
AMD Ryzen 3 Pro 7330U Firmware
AMD Ryzen 5 5500 firmware
AMD Ryzen 5 5500H
AMD Ryzen 5 5500U
AMD Ryzen 5 5560U Firmware
AMD Ryzen 5 5600GT Firmware
AMD Ryzen 5 5600GE Firmware
AMD Ryzen 5 5600H
AMD Ryzen 5 5600HS
AMD Ryzen 5 5600U
AMD Ryzen 5 5625U Firmware
AMD Ryzen 5 Pro 7530U
AMD Ryzen 7 5700U Firmware
AMD Ryzen 7 5700G Firmware
AMD Ryzen 7 5700GE Firmware
AMD Ryzen 7 5700U Firmware
AMD Ryzen 7 5800H Firmware
AMD Ryzen 7 5800HS Firmware
AMD Ryzen 7 5800U Firmware
AMD Ryzen 7 5825U Firmware
AMD Ryzen 7 PRO 7730U Firmware
AMD Ryzen 9 5900HS Firmware
AMD Ryzen 9 5900HX
AMD Ryzen 9 5980HS Firmware
AMD Ryzen 3 5300U

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-39281?

    CVE-2023-39281 is considered a critical vulnerability due to its potential for arbitrary code execution.

  • How do I fix CVE-2023-39281?

    To fix CVE-2023-39281, updating the InsydeH2O UEFI BIOS to the latest version that addresses this vulnerability is necessary.

  • What types of systems are affected by CVE-2023-39281?

    CVE-2023-39281 affects systems utilizing Intel and AMD processors that run the specified InsydeH2O UEFI BIOS versions.

  • What is the impact of exploiting CVE-2023-39281?

    Exploitation of CVE-2023-39281 can lead to unauthorized access, allowing attackers to execute arbitrary code during the DXE phase.

  • When was CVE-2023-39281 disclosed?

    CVE-2023-39281 was disclosed in 2023 and is part of ongoing efforts to enhance cybersecurity in firmware.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203