CVE-2023-22615

EUVD-2023-26751
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CISA-ADPADP
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
insydeinsydeh2o
05.37.03
insydeinsydeh2o
05.45.01
insydeinsydeh2o
05.53.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023021
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023021