First published: Tue Apr 11 2023
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | =05.27.37 | |
Insyde InsydeH2O | =05.36.37 | |
Insyde InsydeH2O | =05.44.45 | |
Insyde InsydeH2O | =05.52.45 | |
The severity of CVE-2023-22613 is high with a severity value of 8.8.
CVE-2023-22613 allows an attacker to write to an attacker-controlled address in Insyde InsydeH2O with kernel versions 5.0 through 5.5, resulting in SMM memory corruption.
Insyde has released patches to address the vulnerability. Refer to their security pledge for more information.
You can find more information about CVE-2023-22613 in the following references: [link 1], [link 2], [link 3].
The Common Weakness Enumeration (CWE) ID for CVE-2023-22613 is CWE-787.
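The description above attributes the corruption to a caller-supplied pointer in RCX that overlaps SMRAM. As an added example (not Insyde's code or its patch), the following C sketch shows the kind of range check an SMI handler can apply before writing through such a pointer, including the wrap-around and partial-overlap cases; the SMRAM layout, the descriptor type and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor; real firmware gets SMRAM ranges from the platform. */
typedef struct { uint64_t base, size; } smram_range_t;

/* Constructed sample layout: a single 8 MiB SMRAM region. */
static const smram_range_t SMRAM[] = { { 0x7F000000ULL, 0x00800000ULL } };
#define SMRAM_COUNT (sizeof SMRAM / sizeof SMRAM[0])

/* True only if [addr, addr+len) is non-empty, does not wrap past 2^64,
 * and shares no byte with any SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return false;
    if (addr > UINT64_MAX - (len - 1))   /* addr + len - 1 would wrap */
        return false;
    uint64_t last = addr + (len - 1);
    for (size_t i = 0; i < SMRAM_COUNT; i++) {
        uint64_t s_first = SMRAM[i].base;
        uint64_t s_last = s_first + (SMRAM[i].size - 1);
        if (addr <= s_last && last >= s_first)
            return false;                /* partial or full overlap */
    }
    return true;
}

/* Hypothetical handler entry: rcx is the caller-supplied pointer, out_len the
 * number of bytes the handler intends to write. Returns 0 if the write may
 * proceed, -1 if the request is rejected before any write happens. */
int smi_check_output_pointer(uint64_t rcx, uint64_t out_len)
{
    return buffer_outside_smram(rcx, out_len) ? 0 : -1;
}

int main(void)
{
    const uint64_t cases[][2] = {   /* constructed test pointers */
        { 0x00100000ULL, 0x100 }, { 0x7F000000ULL, 8 }, { 0x7EFFFFFCULL, 8 },
        { 0x7F800000ULL, 0x1000 }, { UINT64_MAX - 3, 8 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("rcx=0x%016llx len=%llu -> %s\n",
               (unsigned long long)cases[i][0], (unsigned long long)cases[i][1],
               smi_check_output_pointer(cases[i][0], cases[i][1]) ? "reject" : "allow");
    return 0;
}
```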