CVE-2023-30738

Summary

An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.

Affected Software

VendorProductVersion RangeStatus
Samsung MobileGalaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book OdysseyFirmware update Oct-2023 Releaseunaffected

Weaknesses

  • CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References