CVE-2023-22613

Published Apr 11, 2023

Last updated a year ago

Overview

Description: An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 6
Exploitability score: 2
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:05.27.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DF2D092-D7B1-496B-BF62-512E87CF5992"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:05.36.37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F46B2E5-D56C-48CA-B670-28A1184CCBE9"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:05.44.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D7138EB-F30F-4CF4-944C-90A15007307A"
          },
          {
            "criteria": "cpe:2.3:a:insyde:insydeh2o:05.52.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4009D6A5-6C19-451A-942C-BFE9EDA37931"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References