Insufficient Input Validation in InsydeH2O IhisiSmm Driver Leads to SMRAM Corruption

Insufficient Input Validation in InsydeH2O IhisiSmm Driver Leads to SMRAM Corruption

CVE-2023-22616 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.

Learn more about our Web Application Penetration Testing UK.