CVE-2023-39283

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O versions 5.0 through 5.5

Description A memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm allows attackers to send arbitrary data to SMM, which could lead to privilege escalation. The vulnerability is related to the SimpleModeData[Index].LinearFrameBuffer pointer, which can be controlled by an attacker through the Int10HookPrivateDataVariable NVRAM.

Recommendations For Insyde InsydeH2O versions 5.0 through 5.5, consider disabling the CsmInt10HookSmm function until a patch is available to prevent attackers from sending arbitrary data to SMM. Additionally, restrict access to the Int10HookPrivateDataVariable NVRAM to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.