CVE-2023-22615
HIGH
Insyde InsydeH2O 5.0-5.5 - Out-of-bounds Write in IhisiSmm via RCX Save State Register
Title source: llm
Description
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
References (2)
Core References
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023021
Scores
CVSS v3
8.4
EPSS
0.0020
EPSS Percentile
10.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (3)
insyde/insydeh2o
05.37.03
insyde/insydeh2o
05.45.01
insyde/insydeh2o
05.53.01
Published
Apr 11, 2023
Tracked Since
Feb 18, 2026