PT-2022-16448 · Insyde · Insydeh2O

Published

2022-02-02

Updated

2022-03-29

CVE-2022-24069

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions InsydeH2O with kernel versions prior to 05.08.41 InsydeH2O with kernel versions prior to 05.16.29 InsydeH2O with kernel versions prior to 05.26.29 InsydeH2O with kernel versions prior to 05.35.29 InsydeH2O with kernel versions prior to 05.43.29 InsydeH2O with kernel versions prior to 05.51.29

Description An issue in AhciBusDxe allows an attacker to hijack the execution flow of code running in System Management Mode, potentially leading to escalated privileges to SMM.

Recommendations Update the kernel to version 05.08.41 or later for kernel 5.0. Update the kernel to version 05.16.29 or later for kernel 5.1. Update the kernel to version 05.26.29 or later for kernel 5.2. Update the kernel to version 05.35.29 or later for kernel 5.3. Update the kernel to version 05.43.29 or later for kernel 5.4. Update the kernel to version 05.51.29 or later for kernel 5.5.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-24069

Affected Products

Insydeh2O

PT-2022-16448 · Insyde · Insydeh2O

CVE-2022-24069

Related Identifiers

Affected Products

References · 6