CVE-2023-22614
HIGH
Insyde InsydeH2O 5.0-5.5 - Out-of-bounds Write via BIOS Guard SMI Handler
Title source: llm
Description
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
References (3)
Core References
Exploit, Third Party Advisory
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023020
Scores
CVSS v3
8.8
EPSS
0.0038
EPSS Percentile
29.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (6)
insyde/insydeh2o
05.42.52.0026
insyde/insydeh2o
05.43.01.0026
insyde/insydeh2o
05.43.12.0056
insyde/insydeh2o
05.44.34.0054
insyde/insydeh2o
05.44.45.0015
insyde/insydeh2o
05.44.45.0028
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026