Lucene search
HistorySep 21, 2022 - 9:15 p.m.
CVE-2022-35895
insydeh2o
fwblocksericcesmm
memory corruption
arbitrary code execution
cve-2022-35895
CVSS3
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
33.4%
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.
Affected configurations
Node
insydeinsydeh2oRange5.0–05.09.37
Node
insydeinsydeh2oRange5.1–05.17.37
Node
insydeinsydeh2oRange5.2–05.27.29
Node
insydeinsydeh2oRange5.3–05.36.29
Node
insydeinsydeh2oRange5.4–05.44.29
Node
insydeinsydeh2oRange5.5–05.52.29
Related
prion
prion
Memory corruption
2022-09-21 21:15:00
cve
cve
CVE-2022-35895
2022-09-21 21:15:09
nessus
nessus
Siemens InsydeH2O Out-of-bounds Write (CVE-2022-35895)
2023-09-26 00:00:00
cvelist
cvelist
CVE-2022-35895
2022-09-21 20:36:15
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00
CVSS3
8.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
33.4%
Related for NVD:CVE-2022-35895