Insyde Security Advisory 2023021

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023021 Software CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:L 6.4 04/10/2023 04/10/2023


IhisiServicesSmm: IHISI Subfunction Execution May Corrupt SMRAM.

Vulnerability Details


An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM.

Kernel 5.3: Version 05.37.03
Kernel 5.4: Version 05.45.01
Kernel 5.5: Version 05.53.01


Insyde Software would like to thank Jeremy Boone (@uffeux) of the NCC Group for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 04/10/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge