{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30771", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-30T16:08:23.683Z", "dateReserved": "2022-05-16T00:00:00.000Z", "datePublished": "2022-11-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.insyde.com/security-pledge"}, {"url": "https://www.insyde.com/security-pledge/SA-2022064"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:14.053Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["x_transferred"]}, {"url": "https://www.insyde.com/security-pledge/SA-2022064", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-787", "lang": "en", "description": "CWE-787 Out-of-bounds Write"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T16:07:58.991753Z", "id": "CVE-2022-30771", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T16:08:23.683Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["x_transferred"]}, {"url": "https://www.insyde.com/security-pledge/SA-2022064", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:56:14.053Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-30771", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T16:07:58.991753Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T16:08:19.602Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.insyde.com/security-pledge"}, {"url": "https://www.insyde.com/security-pledge/SA-2022064"}], "descriptions": [{"lang": "en", "value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-30771", "state": "PUBLISHED", "dateUpdated": "2025-04-30T16:08:23.683Z", "dateReserved": "2022-05-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-11-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BBA052D-95BD-4DAA-B2EB-158CA57C92F1", "versionEndExcluding": "5.1.05.17.25", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "63A5141F-8209-406C-BC3E-1B0CEB9AF4FE", "versionEndExcluding": "5.2.05.27.25", "versionStartIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCA8A888-C5DC-4550-8494-E72E886A7D33", "versionEndExcluding": "5.3.05.36.25", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB9D389D-0C85-4107-8CBD-BD647C7CFFC7", "versionEndExcluding": "5.4.05.44.25", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "472F2FC3-4BB0-468E-8F24-08C6CED5DA8B", "versionEndExcluding": "5.5.05.52.25", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions Initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions. This issue was discovered by Insyde engineering during a security review. Fixed in: Kernel 5.1: Version 05.17.25 Kernel 5.2: Version 05.27.25 Kernel 5.3: Version 05.36.25 Kernel 5.4: Version 05.44.25 Kernel 5.5: Version 05.52.25 https://www.insyde.com/security-pledge/SA-2022064"}, {"lang": "es", "value": "La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. La funci\u00f3n de inicializaci\u00f3n en PnpSmm podr\u00eda provocar da\u00f1os en la SMRAM al utilizar funciones PNP SMI posteriores. Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Corregido en: Kernel 5.1: Versi\u00f3n 05.17.25 Kernel 5.2: Versi\u00f3n 05.27.25 Kernel 5.3: Versi\u00f3n 05.36.25 Kernel 5.4: Versi\u00f3n 05.44.25 Kernel 5.5: Versi\u00f3n 05.52.25 \nhttps://www.insyde.com/security- promesa/SA-2022064"}], "id": "CVE-2022-30771", "lastModified": "2025-04-30T16:15:21.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-15T21:15:36.910", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2022064"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}