First published: Wed Sep 21 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockServiceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.0, <05.09.37 | |
Insyde InsydeH2O | >=5.1, <05.17.37 | |
Insyde InsydeH2O | >=5.2, <05.27.29 | |
Insyde InsydeH2O | >=5.3, <05.36.29 | |
Insyde InsydeH2O | >=5.4, <05.44.29 | |
Insyde InsydeH2O | >=5.5, <05.52.29 | |
CVE-2022-35895 is a vulnerability discovered in Insyde InsydeH2O with kernel 5.0 through 5.5 that allows for memory corruption and possible arbitrary code execution.
CVE-2022-35895 affects Insyde InsydeH2O with kernel versions 5.0 through 5.5.
The severity of CVE-2022-35895 is high with a CVSS score of 8.2.
To fix the CVE-2022-35895 vulnerability, update Insyde InsydeH2O to a version that is not affected by the vulnerability.
You can find more information about CVE-2022-35895 at the following references: [Reference 1](https://binarly.io/advisories/BRLY-2022-024/index.html), [Reference 2](https://www.insyde.com/security-pledge), [Reference 3](https://www.insyde.com/security-pledge/SA-2022033).
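One standard form of the input validation this bug class lacks is a check that any caller-supplied buffer lies entirely outside SMRAM before a software SMI handler uses it, the idea behind EDK II's `SmmIsBufferOutsideSmmValid()`. The user-space model below is an added example, not Insyde's code or its fix; the SMRAM range, the 48-bit address limit, the `swsmi_args_t` layout and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM layout; real firmware learns its ranges at SMM init. */
typedef struct { uint64_t base, size; } smram_range_t;
static const smram_range_t SMRAM_RANGES[] = {
    { 0x7F000000ULL, 0x00800000ULL },          /* hypothetical 8 MiB TSEG */
};
#define MAX_PHYS_ADDR 0x0000FFFFFFFFFFFFULL    /* assumed 48-bit address space */

/* True only if [addr, addr+len) is non-empty, does not wrap, and overlaps
   no SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > MAX_PHYS_ADDR || len > MAX_PHYS_ADDR - addr + 1)
        return false;                          /* empty, too high, or wraps */
    uint64_t end = addr + len;                 /* exclusive, cannot overflow now */
    for (size_t i = 0; i < sizeof SMRAM_RANGES / sizeof SMRAM_RANGES[0]; i++) {
        uint64_t s = SMRAM_RANGES[i].base;
        uint64_t e = s + SMRAM_RANGES[i].size;
        if (addr < e && s < end)
            return false;                      /* touches SMRAM */
    }
    return true;
}

/* Hypothetical argument block passed in by the untrusted OS-side caller. */
typedef struct { uint64_t dest, size; } swsmi_args_t;
typedef enum { SMI_OK = 0, SMI_INVALID_PARAMETER = 1 } smi_status_t;

/* Handler shape: reject the request before the pointer is ever used. */
smi_status_t handle_swsmi(const swsmi_args_t *args)
{
    if (args == NULL || !buffer_outside_smram(args->dest, args->size))
        return SMI_INVALID_PARAMETER;
    return SMI_OK;   /* only now may the handler write to args->dest */
}

int main(void)
{
    swsmi_args_t os_buf = { 0x00100000ULL, 0x1000 };   /* ordinary RAM */
    swsmi_args_t smram  = { 0x7F000100ULL, 8 };        /* inside TSEG */
    swsmi_args_t wrap   = { 0xFFFFFFFFFFFFFFF0ULL, 0x20 };
    printf("os_buf=%d smram=%d wrap=%d\n", handle_swsmi(&os_buf),
           handle_swsmi(&smram), handle_swsmi(&wrap));
    return 0;
}
```

The boundary cases matter most: a buffer that ends exactly at the SMRAM base is accepted, while one that extends a single byte into it is rejected.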