8.8

CVE-2023-22612

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
InsydeInsydeh2o Version05.0a.11
InsydeInsydeh2o Version05.18.03
InsydeInsydeh2o Version05.28.03
InsydeInsydeh2o Version05.37.03
InsydeInsydeh2o Version05.45.01
InsydeInsydeh2o Version05.53.01
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.23% 0.133
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.insyde.com/security-pledge
Vendor Advisory
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
Not Applicable
https://www.insyde.com/security-pledge/SA-2023019
Vendor Advisory