Vulnerabilities > CVE-2022-24031 - Out-of-bounds Write vulnerability in Insyde Insydeh2O

047910
CVSS 8.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
insyde
CWE-787

Summary

An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Vulnerable Configurations

Part Description Count
Application
Insyde
114

Common Weakness Enumeration (CWE)