What is the severity of CVE-2023-47252?

CVE-2023-47252 has a high severity rating due to its potential for out-of-bounds access, leading to data tampering.

How do I fix CVE-2023-47252?

To fix CVE-2023-47252, you should update your InsydeH2O firmware to the latest version that resolves this vulnerability.

What versions of InsydeH2O are affected by CVE-2023-47252?

CVE-2023-47252 affects Insyde InsydeH2O versions from 5.0 to 5.6.

What type of vulnerability is CVE-2023-47252?

CVE-2023-47252 is an out-of-bounds access vulnerability related to SMM communication buffer handling.

Who is the vendor for CVE-2023-47252?

The vendor for CVE-2023-47252 is Insyde Software, responsible for the InsydeH2O UEFI BIOS.

Vulnerability/
CVE-2023-47252

medium

6.3

CWE

787

26/4/2024

20/11/2024

CVE-2023-47252

First published: Fri Apr 26 2024(Updated: 4 months ago)

An issue was discovered in PnpSmm in Insyde InsydeH2O with kernel 5.0 through 5.6. There is a possible out-of-bounds access in the SMM communication buffer, leading to tampering. The PNP-related SMI sub-functions do not verify data size before getting it from the communication buffer, which could lead to possible circumstances where the data immediately following the command buffer could be destroyed with a fixed value. This is fixed in kernel 5.2 v05.28.45, kernel 5.3 v05.37.45, kernel 5.4 v05.45.45, kernel 5.5 v05.53.45, and kernel 5.6 v05.60.45.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Insyde H2O	>=5.0<=5.6

Never miss a vulnerability like this again

Reference Links

https://www.insyde.com/security-pledge/SA-2023067

Frequently Asked Questions

What is the severity of CVE-2023-47252?
CVE-2023-47252 has a high severity rating due to its potential for out-of-bounds access, leading to data tampering.
How do I fix CVE-2023-47252?
To fix CVE-2023-47252, you should update your InsydeH2O firmware to the latest version that resolves this vulnerability.
What versions of InsydeH2O are affected by CVE-2023-47252?
CVE-2023-47252 affects Insyde InsydeH2O versions from 5.0 to 5.6.
What type of vulnerability is CVE-2023-47252?
CVE-2023-47252 is an out-of-bounds access vulnerability related to SMM communication buffer handling.
Who is the vendor for CVE-2023-47252?
The vendor for CVE-2023-47252 is Insyde Software, responsible for the InsydeH2O UEFI BIOS.

agent/references
agent/description
agent/first-publish-date
agent/type
agent/author
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/severity
agent/weakness
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/insyde
canonical/insyde h2o

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.