PT-2022-23004 · Insyde · InsydeH2O

Published: 2022-09-21 · Updated: 2023-08-08 · CVE-2022-35896

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Insyde InsydeH2O versions 5.0 through 5.5

Description

An issue in the SMM driver (SMRAM) was discovered, allowing an attacker to dump SMRAM contents via the software SMI provided by the FvbServicesRuntimeDxe driver. This leads to information disclosure. The FvbServicesRuntimeDxe driver is used to read the contents of SMRAM.

Recommendations

For Insyde InsydeH2O versions 5.0 through 5.5, consider disabling the FvbServicesRuntimeDxe driver as a temporary workaround to minimize the risk of exploitation. Restrict access to the SMRAM contents to prevent information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-35896

Affected Products

InsydeH2O