CVE-2022-35408

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)

Se ha detectado un problema en InsydeH2O con el kernel versiones 5.0 hasta 5.5. Una vulnerabilidad de llamada de SMM en el controlador de SMM en UsbLegacyControlSmm conlleva a una posible ejecución de código arbitrario en SMM y una escalada de privilegios. Un atacante podría sobrescribir los punteros de las funciones en la tabla EFI_BOOT_SERVICES antes de que sea desencadenado el manejador USB SMI. (Esto no es explotable desde el código que es ejecutado en el sistema operativo)

*Credits: N/A

CVSS Scores

NISTv3.1 8.2

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-07-08 CVE Reserved
2022-09-22 CVE Published
2024-05-13 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC
https://binarly.io/advisories/BRLY-2022-022/index.html	2024-08-03

URL	Date	SRC

URL	Date	SRC
https://www.insyde.com/security-pledge	2022-09-23
https://www.insyde.com/security-pledge/SA-2022031	2022-09-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.1 < 5.17.38 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.1 < 5.17.38"		-		Affected
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.2 < 05.27.28 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.2 < 05.27.28"		-		Affected
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.3 < 05.36.28 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.3 < 05.36.28"		-		Affected
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.4 < 05.44.28 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.4 < 05.44.28"		-		Affected
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.5 < 05.52.28 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.5 < 05.52.28"		-		Affected
Insyde Search vendor "Insyde"		Insydeh2o Search vendor "Insyde" for product "Insydeh2o"				>= 5.0 < 05.09.38 Search vendor "Insyde" for product "Insydeh2o" and version " >= 5.0 < 05.09.38"		-		Affected