Lucene search
HistorySep 23, 2022 - 7:15 p.m.
CVE-2022-35893
insydeh2o
kernel 5.0-5.5
smm memory corruption
fvbservicesruntimedxe
smram
escalating privileges
CVSS3
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0
Percentile
12.6%
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Affected configurations
Node
insydeinsydeh2oRange5.0–05.09.37
Node
insydeinsydeh2oRange5.1–05.17.37
Node
insydeinsydeh2oRange5.2–05.27.29
Node
insydeinsydeh2oRange5.3–05.36.29
Node
insydeinsydeh2oRange5.4–05.44.29
Node
insydeinsydeh2oRange5.5–05.52.29
Related
prion
prion
Memory corruption
2022-09-23 19:15:00
nessus
nessus
Siemens InsydeH2O Improper Input Validation (CVE-2022-35893)
2023-09-26 00:00:00
cve
cve
CVE-2022-35893
2022-09-23 19:15:14
cnvd
cnvd
Insyde InsydeH2O Elevation of Privilege Vulnerability
2022-09-28 00:00:00
cvelist
cvelist
CVE-2022-35893
2022-09-23 18:01:47
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00
CVSS3
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0
Percentile
12.6%
Related for NVD:CVE-2022-35893