PT-2022-20305 · Insyde · Insydeh2O Uefi Firmware

Published

2022-11-15

Updated

2022-11-23

CVE-2022-30771

CVSS v3.1

8.2

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions InsydeH2O UEFI firmware Kernel 5.1 versions prior to 05.17.25 InsydeH2O UEFI firmware Kernel 5.2 versions prior to 05.27.25 InsydeH2O UEFI firmware Kernel 5.3 versions prior to 05.36.25 InsydeH2O UEFI firmware Kernel 5.4 versions prior to 05.44.25 InsydeH2O UEFI firmware Kernel 5.5 versions prior to 05.52.25

Description The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review.

Recommendations For Kernel 5.1 versions prior to 05.17.25, update to version 05.17.25 or later. For Kernel 5.2 versions prior to 05.27.25, update to version 05.27.25 or later. For Kernel 5.3 versions prior to 05.36.25, update to version 05.36.25 or later. For Kernel 5.4 versions prior to 05.44.25, update to version 05.44.25 or later. For Kernel 5.5 versions prior to 05.52.25, update to version 05.52.25 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-30771

Affected Products

Insydeh2O Uefi Firmware

PT-2022-20305 · Insyde · Insydeh2O Uefi Firmware

CVE-2022-30771

Weakness Enumeration

Related Identifiers

Affected Products

References · 4