CVE-2022-30772

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022065	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::

History

23 Nov 2022, 17:24

Type	Values Removed	Values Added
References	~~(MISC) https://www.insyde.com/security-pledge/SA-2022065 -~~	(MISC) https://www.insyde.com/security-pledge/SA-2022065 - Vendor Advisory
References	~~(MISC) https://www.insyde.com/security-pledge -~~	(MISC) https://www.insyde.com/security-pledge - Vendor Advisory
First Time		Insyde kernel Insyde
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.2
CPE		cpe:2.3:o:insyde:kernel::::::::
CWE		CWE-787

15 Nov 2022, 21:56

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-11-15 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-30772

Mitre link : CVE-2022-30772

CVE.ORG link : CVE-2022-30772

JSON object : View

Products Affected

insyde

kernel

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-30772", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.5}]}, "published": "2022-11-15T21:15:36.967", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2022065", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065"}, {"lang": "es", "value": "La manipulaci\u00f3n de la direcci\u00f3n de entrada en la funci\u00f3n PnpSmm 0x52 podr\u00eda ser utilizada por malware para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. A la funci\u00f3n 0x52 del controlador PnpSmm se le pasa la direcci\u00f3n y el tama\u00f1o de los datos para escribir en la tabla SMBIOS, pero el malware podr\u00eda utilizar la manipulaci\u00f3n de la direcci\u00f3n para sobrescribir SMRAM o la memoria del kernel del Sistema Operativo. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 \nhttps://www.insyde.com/security-pledge/SA-2022065"}], "lastModified": "2022-11-23T17:24:07.367", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB28033A-E19C-48E1-8102-3DA3A3E7151F", "versionEndExcluding": "5.0.05.09.41", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE53C31-5FBE-4466-B1D5-8A932BAA952A", "versionEndExcluding": "5.1.05.17.43", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D6DDEF0-F902-422B-982A-B06D9B249565", "versionEndExcluding": "5.2.05.27.30", "versionStartIncluding": "5.2"}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2696DAE6-A3F9-4902-B9D7-38B2D88D0E57", "versionEndExcluding": "5.3.05.36.30", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1EF4E69-0514-4BB8-A2B2-3DD72D2CB2E3", "versionEndExcluding": "5.4.05.44.30", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "643056D6-2573-4B71-935F-044E83EF81E9", "versionEndExcluding": "5.5.05.52.30", "versionStartIncluding": "5.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}