CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-22612

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.4%

CVSS Severity

CVSS v3 Score 8.8

References

https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023019
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023019

Products affected by CVE-2023-22612

Insyde » Insydeh2o » Version: 05.0a.11

cpe:2.3:a:insyde:insydeh2o:05.0a.11
Insyde » Insydeh2o » Version: 05.18.03

cpe:2.3:a:insyde:insydeh2o:05.18.03
Insyde » Insydeh2o » Version: 05.28.03

cpe:2.3:a:insyde:insydeh2o:05.28.03
Insyde » Insydeh2o » Version: 05.37.03

cpe:2.3:a:insyde:insydeh2o:05.37.03
Insyde » Insydeh2o » Version: 05.45.01

cpe:2.3:a:insyde:insydeh2o:05.45.01
Insyde » Insydeh2o » Version: 05.53.01

cpe:2.3:a:insyde:insydeh2o:05.53.01

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22612

Products

Pricing

Contact Us