← Back

CVE-2022-35895

nvd nist
Published: Sep 21, 2022Modified: May 5, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.

Affected (6)

Products: Insyde: Insydeh2o
Insyde
1 product
Insydeh2o
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.0 to 05.09.37
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.1 to 05.17.37
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.2 to 05.27.29
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.3 to 05.36.29
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.4 to 05.44.29
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.5 to 05.52.29

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.