Vulnerability Details CVE-2022-36337
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability in the MebxConfiguration driver leads to arbitrary code execution. Control of a UEFI variable under the OS can cause this overflow when read by BIOS code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.3%
CVSS Severity
CVSS v3 Score 8.2
References
Products affected by CVE-2022-36337
-
cpe:2.3:o:insyde:kernel:5.0
-
cpe:2.3:o:insyde:kernel:5.1
-
cpe:2.3:o:insyde:kernel:5.2
-
cpe:2.3:o:insyde:kernel:5.3
-
cpe:2.3:o:insyde:kernel:5.4
-
cpe:2.3:o:insyde:kernel:5.5