CRITICAL · 9.8

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to execute arbitrary code during the DXE phase.

CVSS Score

9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

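| Vendor | Product | Versions |
|---|---|---|
| Insyde | Insydeh2O | 05.45.24.0039 |
| Intel | B760 | - |
| Intel | C262 | - |
| Intel | C266 | - |
| Intel | Core I3-1305U | - |
| Intel | Core I3-13100 | - |
| Intel | Core I3-13100E | - |
| Intel | Core I3-13100F | - |
| Intel | Core I3-13100T | - |
| Intel | Core I3-13100Te | - |
| Intel | Core I3-1315U | - |
| Intel | Core I3-1315Ue | - |
| Intel | Core I3-1315Ure | - |
| Intel | Core I3-1320Pe | - |
| Intel | Core I3-1320Pre | - |
| Intel | Core I3-13300He | - |
| Intel | Core I3-13300Hre | - |
| Intel | Core I5-1334U | - |
| Intel | Core I5-1335U | - |
| Intel | Core I5-1335Ue | - |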

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-39281?

CVE-2023-39281 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to execute arbitrary code during the DXE phase.

How severe is CVE-2023-39281?

CVE-2023-39281 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-39281?

Check the references section above for vendor advisories and patch information. Affected products include: Insyde Insydeh2O, Intel B760, Intel C262, Intel C266, Intel Core I3-1305U.