CVE-2023-22613

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to write to arbitrary memory addresses in System Management Mode (SMM) by providing malformed pointers to SMI handlers. It affects systems running Insyde InsydeH2O firmware with kernel versions 5.0 through 5.5, potentially enabling SMM memory corruption and privilege escalation.

💻 Affected Systems

Products:
  • Insyde InsydeH2O firmware
Versions: Kernel versions 5.0 through 5.5
Operating Systems: Any OS running on affected firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with InsydeH2O firmware from various OEMs; specific device models depend on OEM implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise including firmware persistence, bypassing all OS-level security controls, and potential hardware bricking.

🟠 Likely Case

Privilege escalation to SMM level, allowing attackers to bypass OS security mechanisms and maintain persistence.

🟢 If Mitigated

Limited impact if SMM protections are properly configured and firmware is updated, though risk remains for unpatched systems.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and ability to invoke SMI handlers; research details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel version 5.6 or later

Vendor Advisory: https://www.insyde.com/security-pledge/SA-2023023

Restart Required: Yes

Instructions:

1. Contact device manufacturer for BIOS/UEFI firmware update.
2. Download and install updated firmware.
3. Reboot system to apply changes.

🔧 Temporary Workarounds

SMM Memory Protection

all

Configure SMM memory protection mechanisms if available in firmware settings.

🧯 If You Can't Patch

  • Restrict physical access to vulnerable systems
  • Implement strict privilege separation and monitoring for SMM-related activities

🔍 How to Verify

Check if Vulnerable:

Check firmware version in BIOS/UEFI settings or using manufacturer-specific tools; kernel version 5.0-5.5 indicates vulnerability.

Check Version:

Manufacturer-specific commands vary; typically check via BIOS/UEFI setup or OEM-provided utilities.

Verify Fix Applied:

Verify firmware version is updated to kernel 5.6 or later through BIOS/UEFI interface.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SMI handler invocations
  • Firmware modification attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

Search for firmware update events or SMM-related security alerts specific to your environment.
