CVE-2022-35897 - Vulnerability Details - OpenCVE

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Insyde	Kernel

Configuration 1 [-]

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022041

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-21T00:00:00

Updated: 2024-08-03T09:44:22.096Z

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-35897

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-21T17:15:25.280

Modified: 2024-11-21T07:11:54.230

Link: CVE-2022-35897

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC5100FC-51F0-48D6-A4F0-782F1281DBF3", "versionEndIncluding": "5.5", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer que provoca un problema de ejecuci\u00f3n de c\u00f3digo arbitrario en Insyde InsydeH2O con kernel 5.0 a 5.5. Si el atacante modifica variables UEFI espec\u00edficas, puede provocar un desbordamiento de la pila, lo que lleva a la ejecuci\u00f3n de c\u00f3digo arbitrario. Las variables espec\u00edficas normalmente est\u00e1n bloqueadas (de solo lectura) a nivel del sistema operativo y, por lo tanto, un ataque requerir\u00eda una modificaci\u00f3n directa del SPI. Si un atacante puede cambiar los valores de al menos dos variables de tres (SecureBootEnforce, SecureBoot, RestoreBootSettings), es posible ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2022-35897", "lastModified": "2024-11-21T07:11:54.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-21T17:15:25.280", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022041"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}