CVE-2022-36337: Buffer Overflow
First published: Wed Nov 23 2022(Updated: )
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insyde Kernel | >=5.0<=5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36337?
CVE-2022-36337 is a vulnerability in Insyde InsydeH2O with kernel 5.0 through 5.5 that allows for a stack buffer overflow and arbitrary code execution.
How does CVE-2022-36337 affect InsydeH2O?
CVE-2022-36337 affects InsydeH2O with kernel 5.0 through 5.5 by exploiting a stack buffer overflow vulnerability in the MebxConfiguration driver, resulting in arbitrary code execution.
What is the severity of CVE-2022-36337?
CVE-2022-36337 has a severity rating of 8.2 out of 10, indicating a high risk.
How can I fix CVE-2022-36337?
To fix CVE-2022-36337, it is recommended to apply the latest security patches and updates provided by Insyde, and follow their security guidelines.
Are there any references for CVE-2022-36337?
Yes, you can find references for CVE-2022-36337 at the following links: [Link 1](https://www.insyde.com/security-pledge) and [Link 2](https://www.insyde.com/security-pledge/SA-2022039).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/insyde
- canonical/insyde kernel
- version/insyde kernel/5.0
- version/insyde kernel/5.5