First published: Thu Feb 03 2022
An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.1 <5.16.42 | |
Insyde InsydeH2O | >=5.2 <5.26.42 | |
Insyde InsydeH2O | >=5.3 <5.35.42 | |
Insyde InsydeH2O | >=5.4 <5.43.42 | |
Insyde InsydeH2O | >=5.5 <5.51.42 | |
CVE-2022-24031 is an SMM memory corruption vulnerability in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5, which allows an attacker to write fixed or predictable data to SMRAM and potentially escalate privileges to SMM.
Insyde InsydeH2O with kernel versions 5.1 through 5.5 is affected by CVE-2022-24031.
CVE-2022-24031 has a severity score of 8.2 (high).
CVE-2022-24031 can be exploited by writing fixed or predictable data to SMRAM, potentially leading to privilege escalation to SMM.
You can find more information about CVE-2022-24031 at the following references: [Reference 1](https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf), [Reference 2](https://security.netapp.com/advisory/ntap-20220216-0009/), [Reference 3](https://www.insyde.com/security-pledge).