GSD-2023-22614 — Vulnetix

GSD-2023-22614 PUBLISHED CVSS 8.800000190734863 HIGH

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Apr 22, 2026 CVE Published

References

https://www.insyde.com/security-pledge url
https://www.insyde.com/security-pledge/SA-2023020 url
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/ url

Open in Interactive Console →