CVE-2022-35408

EUVD-2022-38298
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADPADP
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
insydeinsydeh2o
5.1 ≤
𝑥
< 5.17.38
insydeinsydeh2o
5.2 ≤
𝑥
< 05.27.28
insydeinsydeh2o
5.3 ≤
𝑥
< 05.36.28
insydeinsydeh2o
5.4 ≤
𝑥
< 05.44.28
insydeinsydeh2o
5.5 ≤
𝑥
< 05.52.28
insydeinsydeh2o
5.0 ≤
𝑥
< 05.09.38
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://binarly.io/advisories/BRLY-2022-022/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022031
https://binarly.io/advisories/BRLY-2022-022/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022031