CVE-2023-27373 Information

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.

Reference

https://www.insyde.com/security-pledge/SA-2023035