Untrusted Pointer Information Disclosure Vulnerability in InsydeH2O SMI Handler

Untrusted Pointer Information Disclosure Vulnerability in InsydeH2O SMI Handler

CVE-2022-35894 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure.

Learn more about our Web Application Penetration Testing UK.