CVE-2022-35895 Information

Description

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The FwBlockSericceSmm driver does not properly validate input parameters for a software SMI routine leading to memory corruption of arbitrary addresses including SMRAM and possible arbitrary code execution.

Reference

https://binarly.io/advisories/BRLY-2022-024/index.html https://www.insyde.com/security-pledge/SA-2022033 https://www.insyde.com/security-pledge