CVE-2023-22613 Information

Description

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM resulting in SMM memory corruption.

Reference

https://www.insyde.com/security-pledge https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/ https://www.insyde.com/security-pledge/SA-2023023