An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2023021 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Aug 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:insyde:insydeh20:05.53.01:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.45.01:*:*:*:*:*:*:* |
cpe:2.3:a:insyde:insydeh2o:05.45.01:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.37.03:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.53.01:*:*:*:*:*:*:* |
26 Apr 2023, 14:02
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 21:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-22615
Mitre link : CVE-2023-22615
CVE.ORG link : CVE-2023-22615
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-787
Out-of-bounds Write