CVE-2022-40261: SMM memory corruption vulnerability in OverClockSmiHandler SMM driver
First published: Tue Sep 20 2022(Updated: )
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Intel Nuc M15 Laptop Kit Lapbc510 Firmware | ||
| Intel Nuc M15 Laptop Kit Lapbc510 | ||
| Intel Nuc M15 Laptop Kit Lapbc710 Firmware | ||
| Intel Nuc M15 Laptop Kit Lapbc710 | ||
| Ami Aptio V | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2022-40261?
CVE-2022-40261 is a vulnerability that allows an attacker to elevate privileges from ring 0 to ring -2 and execute arbitrary code in System Management Mode (SMM), bypassing SMM-based SPI flash protections.
How can an attacker exploit CVE-2022-40261?
An attacker can exploit CVE-2022-40261 by taking advantage of the vulnerability to elevate privileges and execute arbitrary code in the highly privileged SMM environment.
What software is affected by CVE-2022-40261?
The Intel Nuc M15 Laptop Kit Lapbc510 and Lapbc710 firmware, as well as the Ami Aptio V firmware version 5.0, are affected by CVE-2022-40261.
What is the severity of CVE-2022-40261?
CVE-2022-40261 has a severity score of 8.2, indicating a high severity.
How can I mitigate CVE-2022-40261?
To mitigate CVE-2022-40261, it is recommended to apply the necessary firmware patches or updates provided by Intel or the relevant vendor.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/intel
- canonical/intel nuc m15 laptop kit lapbc510 firmware
- canonical/intel nuc m15 laptop kit lapbc510
- canonical/intel nuc m15 laptop kit lapbc710 firmware
- canonical/intel nuc m15 laptop kit lapbc710
- vendor/ami
- canonical/ami aptio v
- version/ami aptio v/5.0