// For flags

CVE-2022-40250

Stack overflow vulnerability in SMI handler on SmmSmbiosElog.

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 Module GUID: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf This issue affects: AMI Aptio 5.x. This issue affects: AMI Aptio 5.x.

Un atacante puede explotar esta vulnerabilidad para elevar privilegios del anillo 0 al anillo -2, ejecutar código arbitrario en el Modo de Administración del Sistema - un entorno más privilegiado que el sistema operativo (SO) y completamente aislado de él. Una ejecución de código arbitrario en el SMM también evita las protecciones de la flash SPI basadas en el SMM contra las modificaciones, lo que puede ayudar a un atacante a instalar una puerta trasera/implante de firmware en la BIOS. Dicho código de firmware malicioso en la BIOS podría persistir a través de las reinstalaciones del sistema operativo. Además, esta vulnerabilidad podría ser usada por actores maliciosos para omitir los mecanismos de seguridad proporcionados por el firmware UEFI (por ejemplo, Secure Boot y algunos tipos de aislamiento de memoria para hipervisores). Este problema afecta: Nombre del módulo: SmmSmbiosElog SHA256: 3a8acb4f9bddccb19ec3b22b22ad97963711550f76b27b606461cd5073a93b59 GUID del módulo: 8e61fd6b-7a8b-404f-b83f-aa90a47cabdf Este problema afecta a: AMI Aptio 5.x. Este problema afecta: AMI Aptio versión 5.x

*Credits: Binarly efiXplorer team
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-09-08 CVE Reserved
  • 2022-09-20 CVE Published
  • 2024-04-01 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Intel
Search vendor "Intel"
 Nuc M15 Laptop Kit Lapbc510 Firmware
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc510 Firmware"
 bc0074
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc510 Firmware" and version "bc0074"
-
Affected
in Intel
Search vendor "Intel"
 Nuc M15 Laptop Kit Lapbc510
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc510"
--
Safe
Intel
Search vendor "Intel"
 Nuc M15 Laptop Kit Lapbc710 Firmware
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc710 Firmware"
 bc0074
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc710 Firmware" and version "bc0074"
-
Affected
in Intel
Search vendor "Intel"
 Nuc M15 Laptop Kit Lapbc710
Search vendor "Intel" for product "Nuc M15 Laptop Kit Lapbc710"
--
Safe
Ami
Search vendor "Ami"
 Aptio V
Search vendor "Ami" for product "Aptio V"
 5.0
Search vendor "Ami" for product "Aptio V" and version "5.0"
-
Affected