An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.
References
Link | Resource |
---|---|
https://binarly.io/advisories/BRLY-2022-025/index.html | Exploit Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022034 | Vendor Advisory |
Configurations
History
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 |
Information
Published : 2022-09-22 00:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-35896
Mitre link : CVE-2022-35896
CVE.ORG link : CVE-2022-35896
JSON object : View
Products Affected
insyde
- insydeh2o
CWE
CWE-20
Improper Input Validation