PT-2022-23001 · Insyde · InsydeH2O
Published: 2022-09-23 · Updated: 2023-08-08 · CVE-2022-35893
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Insyde InsydeH2O versions 5.0 through 5.5
Description
An SMM memory corruption vulnerability in the FvbServicesRuntimeDxe driver allows an attacker to write fixed or predictable data to SMRAM, potentially leading to privilege escalation to SMM.
Recommendations
For versions 5.0 through 5.5, consider disabling the FvbServicesRuntimeDxe driver as a temporary workaround until a patch is available. Restrict access to SMRAM to minimize the risk of exploitation.
Fix
RCE
Affected Products
InsydeH2O