PT-2022-23314 · Insyde · InsydeH2O
Published: 2022-11-23 · Updated: 2025-04-30 · CVE-2022-36337
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Insyde InsydeH2O with kernel 5.0 through 5.5
Description
A stack buffer overflow vulnerability in the MebxConfiguration driver can lead to arbitrary code execution. The overflow is triggered when BIOS code reads a UEFI variable that is accessible from the OS.
Recommendations
For Insyde InsydeH2O with kernel 5.0 through 5.5, consider disabling the MebxConfiguration driver as a temporary workaround until a patch is available. Restrict OS-level access to UEFI variables to minimize the risk of exploitation.
Fix
Memory Corruption
Stack Overflow
Affected Products
InsydeH2O