CVE-2022-24030

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

CVSS v3 7.5 HIGH
CVSS v2.0 6.9 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220216-0011/	Third Party Advisory
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022011	Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220216-0011/	Third Party Advisory
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022011	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:49

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory~~	() https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory
References	~~() https://security.netapp.com/advisory/ntap-20220216-0011/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20220216-0011/ - Third Party Advisory
References	~~() https://www.insyde.com/security-pledge - Vendor Advisory~~	() https://www.insyde.com/security-pledge - Vendor Advisory
References	~~() https://www.insyde.com/security-pledge/SA-2022011 - Vendor Advisory~~	() https://www.insyde.com/security-pledge/SA-2022011 - Vendor Advisory

09 Mar 2022, 19:11

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~9.8~~	v2 : 6.9 v3 : 7.5

28 Feb 2022, 22:04

Type	Values Removed	Values Added
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220216-0011/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220216-0011/ - Third Party Advisory
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory

24 Feb 2022, 15:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf -

17 Feb 2022, 01:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220216-0011/ -

09 Feb 2022, 14:32

Type	Values Removed	Values Added
References	~~(MISC) https://www.insyde.com/security-pledge/SA-2022011 -~~	(MISC) https://www.insyde.com/security-pledge/SA-2022011 - Vendor Advisory
References	~~(MISC) https://www.insyde.com/security-pledge -~~	(MISC) https://www.insyde.com/security-pledge - Vendor Advisory
CWE		CWE-787
CPE		cpe:2.3:a:insyde:insydeh2o::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8

09 Feb 2022, 03:15

Type	Values Removed	Values Added
References		(MISC) https://www.insyde.com/security-pledge/SA-2022011 -
Summary	~~SMM memory corruption vulnerability allowing a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.~~	An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

03 Feb 2022, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-02-03 02:15

Updated : 2024-11-21 06:49

NVD link : CVE-2022-24030

Mitre link : CVE-2022-24030

CVE.ORG link : CVE-2022-24030

JSON object : View

Products Affected

insyde

insydeh2o

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2022-24030", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 0.8}]}, "published": "2022-02-03T02:15:07.667", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20220216-0011/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2022011", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20220216-0011/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge/SA-2022011", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 through 5.5. An SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM."}, {"lang": "es", "value": "Se ha descubierto un problema en AhciBusDxe en InsydeH2O con el kernel versi\u00f3n 5.1 hasta la versi\u00f3n 5.5. Una vulnerabilidad de corrupci\u00f3n de memoria en SMM permite a un atacante escribir datos fijos o predecibles en SMRAM. La explotaci\u00f3n de este problema podr\u00eda llevar a escalar privilegios a SMM"}], "lastModified": "2024-11-21T06:49:41.630", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A64DE17F-735B-490B-A4AD-8606684DDB5D", "versionEndExcluding": "5.08.41", "versionStartIncluding": "5.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EE9D6D0-77EF-41CE-ACB2-A43B0543F9C7", "versionEndExcluding": "5.16.41", "versionStartIncluding": "5.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADDAD8E2-7468-4D96-8A9F-8C2BB0E8EACB", "versionEndExcluding": "5.26.41", "versionStartIncluding": "5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AF0CD01-CD57-41D5-9827-437F0683E13B", "versionEndExcluding": "5.35.41", "versionStartIncluding": "5.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DA61A73-A290-493E-A797-1A7E7AF0BDE5", "versionEndExcluding": "5.43.41", "versionStartIncluding": "5.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CB4ED22-F39A-45BD-B748-5C67D0BEEF53", "versionEndExcluding": "5.51.41", "versionStartIncluding": "5.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}