CVE-2022-35894 - OpenCVE

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Insyde	Insydeh2o

Configuration 1 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://binarly.io/advisories/BRLY-2022-018/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022030

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-22T17:07:10

Updated: 2024-08-03T09:44:22.247Z

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-35894

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-22T18:15:10.200

Modified: 2022-09-26T15:25:59.207

Link: CVE-2022-35894

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-22T17:07:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.insyde.com/security-pledge"}, {"tags": ["x_refsource_MISC"], "url": "https://binarly.io/advisories/BRLY-2022-018/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.insyde.com/security-pledge/SA-2022030"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-35894", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.insyde.com/security-pledge", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge"}, {"name": "https://binarly.io/advisories/BRLY-2022-018/index.html", "refsource": "MISC", "url": "https://binarly.io/advisories/BRLY-2022-018/index.html"}, {"name": "https://www.insyde.com/security-pledge/SA-2022030", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge/SA-2022030"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:44:22.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.insyde.com/security-pledge"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://binarly.io/advisories/BRLY-2022-018/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.insyde.com/security-pledge/SA-2022030"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-35894", "datePublished": "2022-09-22T17:07:10", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:44:22.247Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E2D2426-1E28-46F4-A04E-A83A3DBD01AC", "versionEndExcluding": "05.09.37", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDE11FD-957E-4C23-84BC-DADF35108774", "versionEndExcluding": "5.17.37", "versionStartIncluding": "5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8D0A7D7-5775-4B3A-B998-37EF7FB4B8D6", "versionEndExcluding": "05.27.29", "versionStartIncluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5FECD45-7167-4312-B2ED-36D309A8C5EC", "versionEndExcluding": "05.36.29", "versionStartIncluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "98809678-EA92-4A53-82B7-34A4504EF1C7", "versionEndExcluding": "05.44.29", "versionStartIncluding": "5.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "53B89A38-CB9D-44BE-8693-80957205AF31", "versionEndExcluding": "05.52.29", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure."}, {"lang": "es", "value": "Se ha detectado un problema en InsydeH2O con el kernel versiones 5.0 hasta 5.5. El controlador SMI para el controlador FwBlockServiceSmm usa un puntero que no es confiable como ubicaci\u00f3n para copiar datos en un b\u00fafer especificado por el atacante, conllevando a una divulgaci\u00f3n de informaci\u00f3n"}], "id": "CVE-2022-35894", "lastModified": "2022-09-26T15:25:59.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-22T18:15:10.200", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://binarly.io/advisories/BRLY-2022-018/index.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022030"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}