CVE-2022-30772
CVSS V2 None
CVSS V3 High 8.2
Description
Manipulation of the input address in PnpSmm function 0x52 could be used by malware to overwrite SMRAM or OS kernel memory. Function 0x52 of the PnpSmm driver is passed the address and size of data to write into the SMBIOS table, but manipulation of the address could be used by malware to overwrite SMRAM or OS kernel memory. This issue was discovered by Insyde engineering during a security review. This issue is fixed in: Kernel 5.0: 05.09.41 Kernel 5.1: 05.17.43 Kernel 5.2: 05.27.30 Kernel 5.3: 05.36.30 Kernel 5.4: 05.44.30 Kernel 5.5: 05.52.30 https://www.insyde.com/security-pledge/SA-2022065
Overview
- CVE ID
- CVE-2022-30772
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-11-15T21:15:36
- Last Modified Date
- 2022-11-23T17:24:07
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.0 | 5.0.05.09.41 |
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.1 | 5.1.05.17.43 |
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.2 | 5.2.05.27.30 |
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.3 | 5.3.05.36.30 |
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.4 | 5.4.05.44.30 |
| cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:* | 1 | OR | 5.5 | 5.5.05.52.30 |
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- HIGH
- User Interaction
- NONE
- Scope
- CHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 8.2
- Base Severity
- HIGH
- Exploitability Score
- 1.5
- Impact Score
- 6
References
| Reference URL | Reference Tags |
|---|---|
| https://www.insyde.com/security-pledge | |
| https://www.insyde.com/security-pledge/SA-2022065 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-30772 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30772 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-11-15 22:00:16 | Added to TrackCVE | |||
| 2022-12-07 17:48:29 | 2022-11-15T21:15Z | 2022-11-15T21:15:36 | CVE Published Date | updated |
| 2022-12-07 17:48:29 | 2022-11-23T17:24:07 | CVE Modified Date | updated | |
| 2022-12-07 17:48:29 | Analyzed | Vulnerability Status | updated | |
| 2022-12-07 17:48:31 | CPE Information | updated |