CVE-2022-35896

Description

An issue SMM memory leak vulnerability in SMM driver (SMRAM was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An attacker can dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver to read the contents of SMRAM, leading to information disclosure.

Related CPE's

a insyde insydeh2o ********

References

https://www.insyde.com/security-pledge/SA-2022034

Vendor Advisory

https://www.insyde.com/security-pledge

Vendor Advisory

https://binarly.io/advisories/BRLY-2022-025/index.html

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io