CVE-2022-40261: SMM memory corruption vulnerability in OverClockSmiHandler SMM driver

EPSS 0.13% · P32

I. Basic Information for CVE-2022-40261

Vulnerability Information

Vulnerability Title
SMM memory corruption vulnerability in OverClockSmiHandler SMM driver
Source: NVD (National Vulnerability Database)
Vulnerability Description
An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI flash protections against modifications, which can help an attacker to install a firmware backdoor/implant into BIOS. Such a malicious firmware code in BIOS could persist across operating system re-installs. Additionally, this vulnerability potentially could be used by malicious actors to bypass security mechanisms provided by UEFI firmware (for example, Secure Boot and some types of memory isolation for hypervisors). This issue affects: Module name: OverClockSmiHandler SHA256: a204699576e1a48ce915d9d9423380c8e4c197003baf9d17e6504f0265f3039c Module GUID: 4698C2BD-A903-410E-AD1F-5EEF3A1AE422
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Buffer copy without checking size of input (classic buffer overflow)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Intel NUC M15 security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
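Intel NUC M15 is a laptop kit from Intel Corporation of the United States. Versions of Intel NUC M15 Laptop Kit prior to BC0076 contain a security vulnerability. The vulnerability stems from privilege escalation and allows arbitrary code execution in System Management Mode. Running arbitrary code in SMM also bypasses SMM-based SPI flash protections against modification, which can help an attacker install a firmware backdoor/implant into the BIOS. Such malicious firmware code in the BIOS could persist across operating system reinstalls, and malicious actors could exploit this vulnerability to bypass security mechanisms provided by UEFI firmware.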
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor · Product · Affected Versions · CPE
AMI · Aptio · 5.x · -

II. Public POCs for CVE-2022-40261

No public POC found.


III. Intelligence Information for CVE-2022-40261

Same Patch Batch · AMI · 2022-09-20 · 5 CVEs total

CVE-2022-26873: The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary c
CVE-2022-40246: Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI
CVE-2022-40250: Stack overflow vulnerability in SMI handler on SmmSmbiosElog.
CVE-2022-40262: The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during

IV. Related Vulnerabilities
