PT-2023-18586 · Insyde · Insydeh2O

Jeremy Boone +1 · Published 2023-04-11 · Updated 2025-02-11 · CVE-2023-22613

CVSS v3.1: 8.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Insyde InsydeH2O with kernel versions 5.0 through 5.5

Description
An issue was discovered in IhisiSmm that allows writing to an attacker-controlled address. This can be achieved by invoking an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption.

Recommendations
For versions 5.0 through 5.5, consider blocking invocations of the SMI handler that carry a malformed pointer in RCX, to minimize the risk of SMM memory corruption until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
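
The check an SMI handler needs before it touches a caller-supplied pointer such as the one in RCX, shown as an added example (not Insyde's code and not part of the original advisory). The SMRAM range, the parameter structure and the function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM map (one 8 MiB region). Real firmware takes the ranges
 * from the platform's SMRAM descriptors, never from the caller. */
typedef struct { uint64_t base, size; } smram_range_t;
static const smram_range_t k_smram[] = { { 0x7F000000ULL, 0x00800000ULL } };

/* Hypothetical 64-byte parameter block the handler reads and writes. */
typedef struct { uint32_t status; uint32_t data[15]; } smi_params_t;

/* True only if [addr, addr + len) is non-empty, does not wrap around the
 * address space and intersects no SMRAM range. EDK II provides the same
 * kind of check as SmmIsBufferOutsideSmmValid(). */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;                       /* empty or wrapping range */
    uint64_t end = addr + len;              /* exclusive upper bound */
    for (size_t i = 0; i < sizeof k_smram / sizeof k_smram[0]; i++) {
        uint64_t s = k_smram[i].base;
        uint64_t e = s + k_smram[i].size;   /* exclusive */
        if (addr < e && end > s)
            return false;                   /* any overlap, even 1 byte */
    }
    return true;
}

/* Hypothetical handler entry: rcx is untrusted. Returns 0 if the buffer may
 * be used, -1 if the request is rejected before any dereference. */
int handle_smi(uint64_t rcx)
{
    if (!buffer_outside_smram(rcx, sizeof(smi_params_t)))
        return -1;
    /* The handler's reads and writes through rcx would happen only here. */
    return 0;
}

int main(void)
{
    const uint64_t probes[] = { 0x1000ULL, 0x7EFFFFF0ULL, 0x7F000100ULL,
                                0xFFFFFFFFFFFFFFF0ULL };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("rcx=0x%016llx -> %s\n", (unsigned long long)probes[i],
               handle_smi(probes[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```

The range check has to cover the whole structure, not just its first byte, and any pointer nested inside the structure needs the same validation. Handlers typically also copy the validated buffer into SMRAM before using it so the contents cannot change after the check.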

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-22613

Affected Products

Insydeh2O