CVE-2022-35896

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.
Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

History

08 Aug 2023, 14:21

Type Values Removed Values Added
CWE CWE-119 CWE-20

Information

Published : 2022-09-22 00:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-35896

Mitre link : CVE-2022-35896

CVE.ORG link : CVE-2022-35896


JSON object : View

Products Affected

insyde

  • insydeh2o
CWE
CWE-20

Improper Input Validation