Vulnerability CVE-2023-22613
Published: 2023-04-11   Modified: 2023-04-12

Description:
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

 References:
https://www.insyde.com/security-pledge
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
https://www.insyde.com/security-pledge/SA-2023023
Copyright 2026, cxsecurity.com

 

Back to Top