How severe is CVE-2023-22616?

CVE-2023-22616 has a CVSS v3 score of 7.8 (HIGH).

CVE-2023-22616

Name: insydeh2o
Author: insyde

7.8HIGH

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before

Опубликовано: 4/12/2023Обновлено: 2/10/2025

Описание

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.

ИИ-АнализНа базе ИИ

Затронутые продукты

insydeinsydeh2o

Ссылки

https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
ExploitThird Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023022
Vendor Advisory