Vulnerabilities > CVE-2023-30738 - Unspecified vulnerability in Samsung products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

samsung

NVD

Published: 2023-10-04

Updated: 2023-11-07

Summary

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

Vulnerable Configurations

Part	Description	Count
OS	Samsung Samsung Galaxy Book Firmware * Samsung Galaxy Book PRO Firmware * Samsung Galaxy Book PRO 360 Firmware * Samsung Galaxy Book Odyssey Firmware *	4
Hardware	Samsung Samsung Galaxy Book - Samsung Galaxy Book PRO - Samsung Galaxy Book PRO 360 - Samsung Galaxy Book Odyssey -	4

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=10