CVE-2022-35894 Information

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer leading to information disclosure.

Reference

https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022030 https://binarly.io/advisories/BRLY-2022-018/index.html