Lucene search

K
nvd[email protected]NVD:CVE-2022-35894
HistorySep 22, 2022 - 6:15 p.m.

CVE-2022-35894

2022-09-2218:15:10
CWE-401
web.nvd.nist.gov
6
insydeh2o
smi handler
kernel 5.0-5.5
fwblockservicesmm driver
information disclosure

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

20.0%

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

Affected configurations

Nvd
Node
insydeinsydeh2oRange5.005.09.37
Node
insydeinsydeh2oRange5.15.17.37
Node
insydeinsydeh2oRange5.205.27.29
Node
insydeinsydeh2oRange5.305.36.29
Node
insydeinsydeh2oRange5.405.44.29
Node
insydeinsydeh2oRange5.505.52.29

CVSS3

6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

20.0%

Related for NVD:CVE-2022-35894