Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2022-35897
HistoryNov 21, 2022 - 12:00 a.m.

CVE-2022-35897

2022-11-2100:00:00
mitre
www.cve.org
2
insydeh2o
kernel 5.0-5.5
arbitrary code execution
uefi variables
stack overflow
spi modification
securebootenforce
secureboot
restorebootsettings

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.

Related

cve 1
nvd 1
prion 1
cve
cve
CVE-2022-35897
2022-11-21 17:15:25
nvd
nvd
CVE-2022-35897
2022-11-21 17:15:25
prion
prion
Stack overflow
2022-11-21 17:15:00

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

32.7%

JSON
Related for CVELIST:CVE-2022-35897
cve1nvd1prion1