CVE-2023-39281
CRITICAL
Insyde InsydeH2O 5.0-5.5 - Stack-based Buffer Overflow in AsfSecureBootDxe
Title source: llm
Description
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to execute arbitrary code during the DXE phase.
References (2)
Core References
Vendor Advisory: https://www.insyde.com/security-pledge
Vendor Advisory: https://www.insyde.com/security-pledge/SA-2023054
Scores
CVSS v3: 9.8
EPSS: 0.0049
EPSS Percentile: 38.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-121, CWE-787
Status: published
Products (11)
insyde/insydeh2o 05.45.24.0039
insyde/insydeh2o 05.44.45.0017
insyde/insydeh2o 05.44.34.0055
insyde/insydeh2o 05.53.28.0013
insyde/insydeh2o 05.45.38.0005
insyde/insydeh2o 05.53.23.0011
insyde/insydeh2o 05.53.23.0014
insyde/insydeh2o 05.53.22.0008
insyde/insydeh2o 05.44.30.0022
insyde/insydeh2o 05.43.06.0021
... and 1 more
Published: Nov 01, 2023
Tracked Since: Feb 18, 2026