CVE-2023-22615

HIGH

Insyde InsydeH2O 5.0-5.5 - Out-of-bounds Write in IhisiSmm via RCX Save State Register

Description

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.

Scores

CVSS v3 8.4
EPSS 0.0020
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (3)
insyde/insydeh2o 05.37.03
insyde/insydeh2o 05.45.01
insyde/insydeh2o 05.53.01
Published Apr 11, 2023
Tracked Since Feb 18, 2026