1. Home
  2. CVE Database
  3. CVE-2023-30738
MEDIUM · 5.5

CVE-2023-30738

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SM...

Vulnerability Description

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
SamsungGalaxy Book Firmware< oct-2023
SamsungGalaxy Book-
SamsungGalaxy Book Pro Firmware< oct-2023
SamsungGalaxy Book Pro-
SamsungGalaxy Book Pro 360 Firmware< oct-2023
SamsungGalaxy Book Pro 360-
SamsungGalaxy Book Odyssey Firmware< oct-2023
SamsungGalaxy Book Odyssey-

References

FAQ

What is CVE-2023-30738?

CVE-2023-30738 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SM...

How severe is CVE-2023-30738?

CVE-2023-30738 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-30738?

Check the references section above for vendor advisories and patch information. Affected products include: Samsung Galaxy Book Firmware, Samsung Galaxy Book, Samsung Galaxy Book Pro Firmware, Samsung Galaxy Book Pro, Samsung Galaxy Book Pro 360 Firmware.