CVE-2022-35895

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.

Related CPE's

a insyde insydeh2o ********

References

https://binarly.io/advisories/BRLY-2022-024/index.html

ExploitThird Party Advisory

https://www.insyde.com/security-pledge/SA-2022033

Vendor Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io