Vulnerabilities > CVE-2022-30772 - Out-of-bounds Write vulnerability in Insyde Kernel

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

insyde

CWE-787

NVD

Published: 2022-11-15

Updated: 2022-11-23

Summary

Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065

Vulnerable Configurations

Part	Description	Count
OS	Insyde Insyde Kernel 5.0 Insyde Kernel 5.1 Insyde Kernel 5.2 Insyde Kernel 5.3 Insyde Kernel 5.4 Insyde Kernel 5.5	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References