CVE-2023-27373

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O with kernel 5.0 through 5.5

Description An issue was discovered due to insufficient input validation, allowing an attacker to tamper with a runtime-accessible EFI variable. This can cause a dynamic BAR setting to overlap SMRAM.

Recommendations For Insyde InsydeH2O with kernel 5.0 through 5.5, consider restricting access to runtime-accessible EFI variables to prevent tampering until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.