CVE-2023-39284 Information

Description

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

Reference

https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023056