What is CVE-2022-36448?

CVE-2022-36448 is a high-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2022-09-28.

How severe is CVE-2022-36448?

High severity. CVSS v3 base score is 8.2 out of 10.

Improper input validation in Insyde Insydeh2o

CVE-2022-36448

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (23.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Insyde Insydeh2o
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (x_refsource_MISC, Vendor Advisory)
cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
cve@mitre.org (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2022-36448?: CVE-2022-36448 is a high-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2022-09-28.
How severe is CVE-2022-36448?: High severity. CVSS v3 base score is 8.2 out of 10.