How severe is CVE-2023-22616?

CVE-2023-22616 has a CVSS v3 score of 7.8 (HIGH).

CVE-2023-22616

Name: insydeh2o
Author: insyde

7.8HIGH

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before

Publicado: 4/12/2023Actualizado: 2/10/2025

Descripción

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.

Análisis IAImpulsado por IA

Productos Afectados

insydeinsydeh2o

Referencias

https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory