PT-2023-22848 · Unknown · Sysinput Hal Service
Published
2023-07-06
·
Updated
2023-07-12
·
CVE-2023-30653
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
sysinput HAL service versions prior to SMR Jul-2023 Release 1
Description
The issue is related to an out of bounds read and write in the
enableTspDevice function of the sysinput HAL service. This allows local attackers to execute arbitrary code.Recommendations
For versions prior to SMR Jul-2023 Release 1, update to SMR Jul-2023 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the
enableTspDevice function of the sysinput HAL service until a patch is available.Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sysinput Hal Service