First published: Thu Sep 22 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.0 <05.09.37 | |
Insyde InsydeH2O | >=5.1 <5.17.37 | |
Insyde InsydeH2O | >=5.2 <05.27.29 | |
Insyde InsydeH2O | >=5.3 <05.36.29 | |
Insyde InsydeH2O | >=5.4 <05.44.29 | |
Insyde InsydeH2O | >=5.5 <05.52.29 | |
CVE-2022-35894 is a vulnerability in Insyde InsydeH2O that allows an attacker to disclose information through the SMI handler for the FwBlockServiceSmm driver.
CVE-2022-35894 has a severity level of 6, which is considered medium.
Insyde InsydeH2O versions 5.0 through 5.5 are affected by CVE-2022-35894.
CVE-2022-35894 arises because the SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer when copying data to an attacker-controlled buffer, which leads to information disclosure.
More information about CVE-2022-35894 is available at the following references: [Reference 1](https://binarly.io/advisories/BRLY-2022-018/index.html), [Reference 2](https://www.insyde.com/security-pledge), [Reference 3](https://www.insyde.com/security-pledge/SA-2022030)