CVE-2022-36338 – An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vu …

23 September 2022

Vuln ID: CVE-2022-36338

Published: 2022-09-23 18:15:10Z

Description: An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI.

Source: NVD.NIST.GOV

Date:

23 September 2022

Categorie(s):

NVD

Tag(s):

NVD

Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland… – SWN #37919 April 2024
5.3M World-Check records may be leaked; how to check your records19 April 2024
Sacramento airport goes no-fly after AT&T internet cable snipped19 April 2024
Active adversary report: Ransomware hit a ceiling, but security teams at risk for more pain19 April 2024
Akira takes in $42 million in ransom payments, now targets Linux servers19 April 2024