OpenCVE

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Insyde	Insydeh2o

Configuration 1 [-]

OR	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::

No data.

References

Link	Providers
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023003

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-15T00:00:00

Updated: 2024-08-03T07:39:51.245Z

Reserved: 2022-06-06T00:00:00

Link: CVE-2022-32471

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-15T02:15:09.623

Modified: 2024-11-21T07:06:23.867

Link: CVE-2022-32471

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "587C0285-0A9E-42FD-AB50-56B49B2DFF34", "versionEndExcluding": "5.2.05.27.37", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "79BA702A-373E-454B-B19B-68AD0C573F4F", "versionEndExcluding": "5.3.05.36.37", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ADA401A-3333-4A40-ADCA-060FC8FFEAF1", "versionEndExcluding": "5.4.05.44.45", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8223C5A-5593-4F54-BDB4-D252BB4E2167", "versionEndExcluding": "5.5.05.52.45", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en IhisiSmm en Insyde InsydeH2O con kernel 5.0 a 5.5. El controlador IhisiDxe utiliza el b\u00fafer de comandos para pasar datos de entrada y salida. Al modificar el contenido del b\u00fafer de comandos con DMA despu\u00e9s de que se hayan verificado los par\u00e1metros de entrada pero antes de usarlos, se puede convencer al c\u00f3digo IHISI SMM de que modifique SMRAM o OS, lo que provocar\u00e1 una posible corrupci\u00f3n de datos o una escalada de privilegios."}], "id": "CVE-2022-32471", "lastModified": "2024-11-21T07:06:23.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-15T02:15:09.623", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023003"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023003"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}]}