An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
References
Link | Resource |
---|---|
https://binarly.io/advisories/BRLY-2022-026/index.html | Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022035 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
28 Sep 2022, 16:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://binarly.io/advisories/BRLY-2022-026/index.html - Third Party Advisory | |
References | (MISC) https://www.insyde.com/security-pledge/SA-2022035 - Vendor Advisory | |
References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | |
First Time |
Insyde insydeh2o
Insyde |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
23 Sep 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-23 19:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-35893
Mitre link : CVE-2022-35893
CVE.ORG link : CVE-2022-35893
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-20
Improper Input Validation