References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2023027

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege.

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buff

NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

NIST CWE-120

OR
     *cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* versions from (including) 5.0 up to (including) 5.5

https://www.insyde.com/security-pledge No Types Assigned

https://www.insyde.com/security-pledge Vendor Advisory

https://www.insyde.com/security-pledge/SA-2023027 No Types Assigned

https://www.insyde.com/security-pledge/SA-2023027 Vendor Advisory