An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.
References
Link | Resource |
---|---|
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/ | Exploit Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2023020 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Aug 2023, 18:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Insyde insydeh2o
|
|
CPE | cpe:2.3:a:insyde:insydeh20:05.44.45.0028:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.44.34.0054:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.44.45.0015:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.43.01.0026:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.42.52.0026:*:*:*:*:*:*:* |
cpe:2.3:a:insyde:insydeh2o:05.43.01.0026:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.44.45.0028:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.43.12.0056:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.44.34.0054:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.44.45.0015:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh2o:05.42.52.0026:*:*:*:*:*:*:* |
08 May 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
CPE | cpe:2.3:a:insyde:insydeh20:05.43.12.0056:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.44.34.0054:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.43.01.0026:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.42.52.0026:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.44.45.0015:*:*:*:*:*:*:* cpe:2.3:a:insyde:insydeh20:05.44.45.0028:*:*:*:*:*:*:* |
|
First Time |
Insyde
Insyde insydeh20 |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.insyde.com/security-pledge/SA-2023020 - Vendor Advisory | |
References | (MISC) https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/ - Exploit, Third Party Advisory | |
References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory |
11 Apr 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-11 21:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-22614
Mitre link : CVE-2023-22614
CVE.ORG link : CVE-2023-22614
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-787
Out-of-bounds Write