Insyde Security Advisory 2022035

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2022035 Software CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 8.2 09/21/2022 09/21/2022

Summary:

SMM memory corruption vulnerability in SMM driver (SMRAM write) in InsydeH2O.

Vulnerability Details

CVE-2022-35893

This affects the FvbServicesRuntimeDxe driver of InsydeH2O. This issue was discovered by the Binarly efiXplorer team. This issue is fixed in InsydeH2O, versions:

Kernel 5.0 (issue IB02961492 in version 05.09.37)
Kernel 5.1 (issue IB02961492 in version 05.17.37)
Kernel 5.2 (issue IB02961492 in version 05.27.29)
Kernel 5.3 (issue IB02961492 in version 05.36.29)
Kernel 5.4 (issue IB02961492 in version 05.44.29)
Kernel 5.5 (issue IB02961492 in version 05.52.29)

Acknowledgements

Insyde Software would like to thank Binarly for reporting this issue.

Revision History:

Revision Date Description
1.0 09/21/2022 Initial Release
- - -

Return to Insyde's Security Pledge