CVE-2023-22612

HIGH

Insyde InsydeH2O 5.0-5.5 - Memory Corruption via IhisiSmm SMI Handler

Title source: llm
STIX 2.1

Description

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.

Scores

CVSS v3 8.8
EPSS 0.0023
EPSS Percentile 13.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (6)
insyde/insydeh2o 05.0a.11
insyde/insydeh2o 05.18.03
insyde/insydeh2o 05.28.03
insyde/insydeh2o 05.37.03
insyde/insydeh2o 05.45.01
insyde/insydeh2o 05.53.01
Published Apr 11, 2023
Tracked Since Feb 18, 2026