CVE-2022-36338 - Vulnerability Details - OpenCVE

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Insyde	Insydeh2o

Configuration 1 [-]

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://binarly.io/advisories/BRLY-2022-017/index.html
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022029

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-23T17:17:49

Updated: 2024-08-03T10:00:04.278Z

Reserved: 2022-07-21T00:00:00

Link: CVE-2022-36338

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-23T18:15:10.803

Modified: 2024-11-21T07:12:49.140

Link: CVE-2022-36338

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-23T17:17:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.insyde.com/security-pledge"}, {"tags": ["x_refsource_MISC"], "url": "https://binarly.io/advisories/BRLY-2022-017/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.insyde.com/security-pledge/SA-2022029"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36338", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.insyde.com/security-pledge", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge"}, {"name": "https://binarly.io/advisories/BRLY-2022-017/index.html", "refsource": "MISC", "url": "https://binarly.io/advisories/BRLY-2022-017/index.html"}, {"name": "https://www.insyde.com/security-pledge/SA-2022029", "refsource": "MISC", "url": "https://www.insyde.com/security-pledge/SA-2022029"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:00:04.278Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.insyde.com/security-pledge"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://binarly.io/advisories/BRLY-2022-017/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.insyde.com/security-pledge/SA-2022029"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36338", "datePublished": "2022-09-23T17:17:49", "dateReserved": "2022-07-21T00:00:00", "dateUpdated": "2024-08-03T10:00:04.278Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "D301572D-C5C6-41F1-A5D2-41F07E0FC15D", "versionEndIncluding": "5.5", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI."}, {"lang": "es", "value": "Se ha detectado un problema en InsydeH2O con el kernel 5.0 hasta 5.5. Una vulnerabilidad de llamada SMM en el controlador SMM FwBlockServiceSmm, que crea SMM, conlleva a una ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede reemplazar el puntero al servicio de arranque UEFI GetVariable con un puntero a un software malicioso, y luego generar un SMI de software."}], "id": "CVE-2022-36338", "lastModified": "2024-11-21T07:12:49.140", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-23T18:15:10.803", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://binarly.io/advisories/BRLY-2022-017/index.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://binarly.io/advisories/BRLY-2022-017/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022029"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}