Lucene search
PRIOn knowledge basePRION:CVE-2022-32471HistoryFeb 15, 2023 - 2:15 a.m.
Command injection
2023-02-1502:15:00
PRIOn knowledge base
www.prio-n.com
2
ihisismm
insydeh2o
kernel 5.0
command buffer
dma
data corruption
privileges escalation
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges.
| CPE | Name | Operator | Version |
|---|---|---|---|
| insydeh2o | ge | 5.0 | |
| insydeh2o | lt | 5.2.05.27.37 | |
| insydeh2o | ge | 5.3 | |
| insydeh2o | lt | 5.3.05.36.37 | |
| insydeh2o | ge | 5.4 | |
| insydeh2o | lt | 5.4.05.44.45 | |
| insydeh2o | ge | 5.5 | |
| insydeh2o | lt | 5.5.05.52.45 |
Related
nessus
nessus
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32471)
2023-09-26 00:00:00
cve
cve
CVE-2022-32471
2023-02-15 02:15:09
nvd
nvd
CVE-2022-32471
2023-02-15 02:15:09
cvelist
cvelist
CVE-2022-32471
2023-02-15 00:00:00
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-03-21 12:00:00
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00