Vulnerabilities > CVE-2022-30771 - Out-of-bounds Write vulnerability in Insyde Kernel

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

insyde

CWE-787

NVD

Published: 2022-11-15

Updated: 2022-11-23

Summary

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064

Vulnerable Configurations

Part	Description	Count
OS	Insyde Insyde Kernel 5.1 Insyde Kernel 5.2 Insyde Kernel 5.3 Insyde Kernel 5.4 Insyde Kernel 5.5	5

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References