CVE-2022-24350

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-24350
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.insyde.com/security-pledge Vendor Advisory
https://www.insyde.com/security-pledge Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023027 Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023027 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
History

19 Mar 2025, 16:15

Type Values Removed Values Added
References (MISC) https://www.insyde.com/security-pledge - Vendor Advisory () https://www.insyde.com/security-pledge - Vendor Advisory
References (MISC) https://www.insyde.com/security-pledge/SA-2023027 - Vendor Advisory () https://www.insyde.com/security-pledge/SA-2023027 - Vendor Advisory

03 Aug 2023, 15:15

Type Values Removed Values Added
Summary An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege. An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is check, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error.

20 Apr 2023, 18:18

Type Values Removed Values Added
CWE CWE-120
References (MISC) https://www.insyde.com/security-pledge - (MISC) https://www.insyde.com/security-pledge - Vendor Advisory
References (MISC) https://www.insyde.com/security-pledge/SA-2023027 - (MISC) https://www.insyde.com/security-pledge/SA-2023027 - Vendor Advisory
CPE cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
First Time Insyde
Insyde insydeh2o
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

12 Apr 2023, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-04-12 13:15

Updated : 2025-03-19 16:15

NVD link : CVE-2022-24350

Mitre link : CVE-2022-24350

JSON object : View

Products Affected

insyde

  • insydeh2o
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')