Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2023-22614

An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler.

  • Published: Apr 11, 2023
  • Updated: May 9, 2023
  • CVE: CVE-2023-22614
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWEs:

Software From Fixed in
insyde / insydeh2o 05.44.45.0028 05.44.45.0028.x
insyde / insydeh2o 05.44.45.0015 05.44.45.0015.x
insyde / insydeh2o 05.44.34.0054 05.44.34.0054.x
insyde / insydeh2o 05.42.52.0026 05.42.52.0026.x
insyde / insydeh2o 05.43.12.0056 05.43.12.0056.x
insyde / insydeh2o 05.43.01.0026 05.43.01.0026.x