{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-09-22T17:07:10.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.insyde.com/security-pledge"},{"tags":["x_refsource_MISC"],"url":"https://binarly.io/advisories/BRLY-2022-018/index.html"},{"tags":["x_refsource_MISC"],"url":"https://www.insyde.com/security-pledge/SA-2022030"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-35894","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://www.insyde.com/security-pledge","refsource":"MISC","url":"https://www.insyde.com/security-pledge"},{"name":"https://binarly.io/advisories/BRLY-2022-018/index.html","refsource":"MISC","url":"https://binarly.io/advisories/BRLY-2022-018/index.html"},{"name":"https://www.insyde.com/security-pledge/SA-2022030","refsource":"MISC","url":"https://www.insyde.com/security-pledge/SA-2022030"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:44:22.247Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.insyde.com/security-pledge"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://binarly.io/advisories/BRLY-2022-018/index.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.insyde.com/security-pledge/SA-2022030"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-401","lang":"en","description":"CWE-401 Missing Release of Memory after Effective Lifetime"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":6,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"HIGH","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-23T13:30:44.445875Z","id":"CVE-2022-35894","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-05T16:14:25.982Z"}}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2022-35894","datePublished":"2022-09-22T17:07:10.000Z","dateReserved":"2022-07-15T00:00:00.000Z","dateUpdated":"2025-05-05T16:14:25.982Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}