CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
insydeinsydeh2o
5.4 ≤
𝑥
< 05.44.30
insydeinsydeh2o
5.5 ≤
𝑥
< 05.52.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://binarly.io/advisories/BRLY-2022-023/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022032
https://binarly.io/advisories/BRLY-2022-023/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022032