← Back

CVE-2022-30772

nvd nist
Published: Nov 15, 2022Modified: Apr 30, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD

Description

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065

Affected (6)

Products: Insyde: Kernel
Insyde
1 product
Kernel
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Insyde
Kernel
From 5.0 to 5.0.05.09.41
Kernel
From 5.1 to 5.1.05.17.43
Kernel
From 5.2 to 5.2.05.27.30
Kernel
From 5.3 to 5.3.05.36.30
Kernel
From 5.4 to 5.4.05.44.30
Kernel
From 5.5 to 5.5.05.52.30

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.