An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the first, then the buffer will be overwritten. This issue affects the SetupUtility driver of InsydeH2O.
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022040 | Vendor Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022040 | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:11
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.insyde.com/security-pledge - Vendor Advisory | |
References | () https://www.insyde.com/security-pledge/SA-2022040 - Vendor Advisory |
Information
Published : 2022-11-22 02:15
Updated : 2024-11-21 07:11
NVD link : CVE-2022-35407
Mitre link : CVE-2022-35407
CVE.ORG link : CVE-2022-35407
JSON object : View
Products Affected
insyde
- kernel
CWE
CWE-787
Out-of-bounds Write