Vulnerability Details : CVE-2022-36337
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Vulnerability category: Overflow, Memory Corruption
Products affected by CVE-2022-36337
- cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36337
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 13 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-36337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.2 | HIGH | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 1.5 | 6.0 | NIST | |
CWE ids for CVE-2022-36337
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36337
- https://www.insyde.com/security-pledge : Insyde's Security Pledge | Insyde Software (Vendor Advisory)
- https://www.insyde.com/security-pledge/SA-2022039 : Insyde Security Advisory 2022039 | Insyde Software (Vendor Advisory)