Vulnerability Details CVE-2023-39284
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.1%
CVSS Severity
CVSS v3 Score 5.5
References
Products affected by CVE-2023-39284
-
cpe:2.3:a:insyde:insydeh2o:5.2
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.27.29
-
cpe:2.3:a:insyde:insydeh2o:5.2.05.28.22
-
cpe:2.3:a:insyde:insydeh2o:5.3
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.36.29
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.17
-
cpe:2.3:a:insyde:insydeh2o:5.3.05.37.22
-
cpe:2.3:a:insyde:insydeh2o:5.4
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.44.13
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.17
-
cpe:2.3:a:insyde:insydeh2o:5.4.05.45.22
-
cpe:2.3:a:insyde:insydeh2o:5.5
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.52.13
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.17
-
cpe:2.3:a:insyde:insydeh2o:5.5.05.53.22
-
cpe:2.3:a:insyde:insydeh2o:5.6
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.17
-
cpe:2.3:a:insyde:insydeh2o:5.6.05.60.22