Insyde Security Advisory 2023055

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023055 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.3 10/31/2023 10/31/2023


CsmInt10HookSmm: SMM memory corruption vulnerability in SMM driver (SMRAM write).

Vulnerability Details:


SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Solution Information:

Intel Mobile Platforms
Raptor Lake: Version
Alder Lake: Version


Thanks to the BINARLY efiXplorer team, 3rd party researchers, for reporting the vulnerability and engaging in this coordinated disclosure.

Revision History:

Revision Date Description
1.0 10/31/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge