3 matches found
Siemens InsydeH2O Missing Release of Memory after Effective Lifetime (CVE-2022-35894)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker- specified buffer, leading to information disclosure. Insyde BIOS is typically used in RUGGEDCOM APE...
CVE-2022-35894
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...
CVE-2022-35894
CVE-2022-35894 affects Insyde InsydeH2O BIOS (kernel versions 5.0–5.5). The vulnerability stems from the SMI handler for the FwBlockServiceSmm driver using an untrusted pointer as the destination to copy data, enabling information disclosure to an attacker-controlled buffer. Public sources consis...