An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
References
Link | Resource |
---|---|
https://binarly.io/advisories/BRLY-2022-026/index.html | Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022035 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
Information
Published : 2022-09-23 19:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-35893
Mitre link : CVE-2022-35893
CVE.ORG link : CVE-2022-35893
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-20
Improper Input Validation