CVE-2023-22613

HIGH

Insyde InsydeH2O 5.0-5.5 - Out-of-bounds Write via Malformed RCX Pointer

Title source: llm
STIX 2.1

Description

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

Scores

CVSS v3 8.8
EPSS 0.0021
EPSS Percentile 11.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (4)
insyde/insydeh2o 05.27.37
insyde/insydeh2o 05.36.37
insyde/insydeh2o 05.44.45
insyde/insydeh2o 05.52.45
Published Apr 11, 2023
Tracked Since Feb 18, 2026