GSD-2023-22616 — Vulnetix

GSD-2023-22616 PUBLISHED CVSS 7.800000190734863 HIGH

An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM.

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

Timeline

Apr 22, 2026 CVE Published

References

https://www.insyde.com/security-pledge url
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/ url
https://www.insyde.com/security-pledge/SA-2023022 url

Open in Interactive Console →