First published: Tue Apr 11 2023
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | =05.0a.11 | |
Insyde InsydeH2O | =05.18.03 | |
Insyde InsydeH2O | =05.28.03 | |
Insyde InsydeH2O | =05.37.03 | |
Insyde InsydeH2O | =05.45.01 | |
Insyde InsydeH2O | =05.53.01 | |
The severity of CVE-2023-22612 is high, with a severity value of 8.8.
The affected software for CVE-2023-22612 is Insyde InsydeH2O versions 05.0a.11, 05.18.03, 05.28.03, 05.37.03, 05.45.01, and 05.53.01.
CVE-2023-22612 is an issue discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5, where a malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
Yes, there are references available for CVE-2023-22612. You can find them at https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/, https://www.insyde.com/security-pledge, and https://www.insyde.com/security-pledge/SA-2023019.
The CWE category for CVE-2023-22612 is CWE-787.