How severe is CVE-2023-22616?

CVE-2023-22616 has a CVSS v3 score of 7.8 (HIGH).

CVE-2023-22616

Name: insydeh2o
Author: insyde

7.8HIGH

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before

Veröffentlicht: 4/12/2023Aktualisiert: 2/10/2025

Beschreibung

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.

KI-AnalyseKI-gestützt

Betroffene Produkte

insydeinsydeh2o

Referenzen

https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory