Overview
- Description
- Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.2
- Impact score
- 6
- Exploitability score
- 1.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-754
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4185E11-99C3-4791-99E1-69D5DF200437",
"versionEndExcluding": "5.1.05.17.23",
"versionStartIncluding": "5.1"
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD13A6E4-E33E-47B5-BD87-77ACDD24677F",
"versionEndExcluding": "5.2.05.27.23",
"versionStartIncluding": "5.2"
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "022E9833-D46F-4174-B17A-A63A751AC729",
"versionEndExcluding": "5.3.05.36.23",
"versionStartIncluding": "5.3"
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E56B79E-78F2-4CAC-9314-08C5E53D8600",
"versionEndExcluding": "5.4.05.44.23",
"versionStartIncluding": "5.4"
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51808FCE-4F4E-43CA-82FD-FF64E97FA613",
"versionEndExcluding": "5.5.05.52.23",
"versionStartIncluding": "5.5"
}
],
"operator": "OR"
}
]
}
]