Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

  • Published: Nov 1, 2023
  • Updated: Nov 10, 2023
  • CVE: CVE-2023-39281
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
insyde / insydeh2o 05.45.24.0039 05.45.24.0039.x
insyde / insydeh2o 05.44.45.0017 05.44.45.0017.x
insyde / insydeh2o 05.44.34.0055 05.44.34.0055.x
insyde / insydeh2o 05.53.28.0013 05.53.28.0013.x
insyde / insydeh2o 05.45.38.0005 05.45.38.0005.x
insyde / insydeh2o 05.53.23.0011 05.53.23.0011.x
insyde / insydeh2o 05.53.23.0014 05.53.23.0014.x
insyde / insydeh2o 05.53.22.0008 05.53.22.0008.x
insyde / insydeh2o 05.44.30.0022 05.44.30.0022.x
insyde / insydeh2o 05.43.06.0021 05.43.06.0021.x
insyde / insydeh2o 05.42.37.0031 05.42.37.0031.x