Lucene search

MitreCVE-2022-35895

HistorySep 21, 2022 - 9:15 p.m.

CVE-2022-35895

2022-09-2121:15:09

CWE-787

mitre

web.nvd.nist.gov

insyde

insydeh2o

cve-2022-35895

kernel 5.0

kernel 5.5

fwblocksericcesmm

memory corruption

smram

arbitrary code execution

nvd

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.

Affected configurations

Nvd

Node

insydeinsydeh2oRange5.0–05.09.37

Node

insydeinsydeh2oRange5.1–05.17.37

Node

insydeinsydeh2oRange5.2–05.27.29

Node

insydeinsydeh2oRange5.3–05.36.29

Node

insydeinsydeh2oRange5.4–05.44.29

Node

insydeinsydeh2oRange5.5–05.52.29

VendorProductVersionCPE
insydeinsydeh2o*cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	insydeh2o	*	cpe:2.3:a:insyde:insydeh2o::::::::

References

binarly.io/advisories/BRLY-2022-024/index.html

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022033

Social References

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Related for CVE-2022-35895