← back
CVE-2022-35894

CVE-2022-35894

CVSS 6 MEDIUMEPSS 0.3%CWE-401
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Sep 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://binarly.io/advisories/BRLY-2022-018/index.htmlhttps://www.insyde.com/security-pledgehttps://www.insyde.com/security-pledge/SA-2022030