Lucene search

[email protected]CVE-2023-22613

HistoryApr 11, 2023 - 10:15 p.m.

CVE-2023-22613

2023-04-1122:15:07

CWE-787

[email protected]

web.nvd.nist.gov

cve

2023

22613

insyde

insydeh2o

smm

memory corruption

nvd safe

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

Affected configurations

NVD

Node

insydeinsydeh2oMatch05.27.37

insydeinsydeh2oMatch05.36.37

insydeinsydeh2oMatch05.44.45

insydeinsydeh2oMatch05.52.45

CPENameOperatorVersion
insyde:insydeh2oinsyde insydeh2oeq05.27.37
insyde:insydeh2oinsyde insydeh2oeq05.36.37
insyde:insydeh2oinsyde insydeh2oeq05.44.45
insyde:insydeh2oinsyde insydeh2oeq05.52.45

CPE	Name	Operator	Version
insyde:insydeh2o	insyde insydeh2o	eq	05.27.37
insyde:insydeh2o	insyde insydeh2o	eq	05.36.37
insyde:insydeh2o	insyde insydeh2o	eq	05.44.45
insyde:insydeh2o	insyde insydeh2o	eq	05.52.45

References

research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2023023

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-22613

cvelist1 prion1 nessus1 nvd1