Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-32471
HistoryFeb 15, 2023 - 12:00 a.m.

CVE-2022-32471

2023-02-1500:00:00
mitre
www.cve.org
cve-2022-32471
insydeh2o
ihisismm
kernel 5.0-5.5
dma attack
data corruption
privilege escalation

0.0004 Low

EPSS

Percentile

9.1%

JSON

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges.

Related

nessus 1
prion 1
cve 1
nvd 1
ics 2
nessus
nessus
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32471)
2023-09-26 00:00:00
prion
prion
Command injection
2023-02-15 02:15:00
cve
cve
CVE-2022-32471
2023-02-15 02:15:09
nvd
nvd
CVE-2022-32471
2023-02-15 02:15:09
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-03-21 12:00:00
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for CVELIST:CVE-2022-32471
nessus1prion1cve1nvd1ics2