Arbitrary SetVariable Calls in IhisiServicesSmm SMI Handler

Arbitrary SetVariable Calls in IhisiServicesSmm SMI Handler

CVE-2023-39284 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.

Learn more about our Web Application Penetration Testing UK.