First published: Thu Nov 02 2023(Updated: )
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.2<5.2.05.28.33 | |
Insyde InsydeH2O | >=5.3<5.3.05.37.33 | |
Insyde InsydeH2O | >=5.4<5.4.05.45.33 | |
Insyde InsydeH2O | >=5.5<5.5.05.53.33 | |
Insyde InsydeH2O | >=5.6<5.6.05.60.33 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-39284 is medium.
Insyde InsydeH2O versions 5.0 through 5.5 are affected by CVE-2023-39284.
To fix CVE-2023-39284, it is recommended to apply the latest security patches and updates for Insyde InsydeH2O.
You can find more information about CVE-2023-39284 on the Insyde security pledge page and in security advisory SA-2023056.