CVE-2022-35894

medium

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

References

https://www.insyde.com/security-pledge/SA-2022030

https://www.insyde.com/security-pledge

https://binarly.io/advisories/BRLY-2022-018/index.html

Details

Source: Mitre, NVD

Published: 2022-09-22

Updated: 2022-09-26

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:M/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Severity: Medium