CVE-2022-30771 - OpenCVE

Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Insyde	Kernel

Configuration 1 [-]

OR	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::
	cpe:2.3:o:insyde:kernel::::::::

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022064	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-15T00:00:00

Updated: 2022-11-15T00:00:00

Reserved: 2022-05-16T00:00:00

Link: CVE-2022-30771

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-15T21:15:36.910

Modified: 2022-11-23T17:21:51.870

Link: CVE-2022-30771

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA052D-95BD-4DAA-B2EB-158CA57C92F1", "versionEndExcluding": "5.1.05.17.25", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A5141F-8209-406C-BC3E-1B0CEB9AF4FE", "versionEndExcluding": "5.2.05.27.25", "versionStartIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCA8A888-C5DC-4550-8494-E72E886A7D33", "versionEndExcluding": "5.3.05.36.25", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB9D389D-0C85-4107-8CBD-BD647C7CFFC7", "versionEndExcluding": "5.4.05.44.25", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "472F2FC3-4BB0-468E-8F24-08C6CED5DA8B", "versionEndExcluding": "5.5.05.52.25", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"}, {"lang": "es", "value": "La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Corregido en: Kernel 5.1: Versi\u00f3n 05.17.25 Kernel 5.2: Versi\u00f3n 05.27.25 Kernel 5.3: Versi\u00f3n 05.36.25 Kernel 5.4: Versi\u00f3n 05.44.25 Kernel 5.5: Versi\u00f3n 05.52.25 \nhttps://www.insyde.com/security- promesa/SA-2022064"}], "id": "CVE-2022-30771", "lastModified": "2022-11-23T17:21:51.870", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-15T21:15:36.910", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022064"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}