Skip to main content

Aptio V CVE-2022-40262

HIGH
Write-what-where Condition (CWE-123)
2022-09-20 cret@cert.org
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2022 - 18:15 nvd
HIGH 8.2

DescriptionNVD

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71

AnalysisAI

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-123. A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71 Affected products include: Ami Aptio V, Intel Server Board M10Jnp2Sb Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-40250 HIGH POC
8.8 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-40261 HIGH POC
8.2 Sep 20

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in Syste

CVE-2022-26873 HIGH POC
8.2 Sep 20

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages

CVE-2024-42442 HIGH
8.8 Nov 12

APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations wit

CVE-2025-33045 HIGH
8.2 Sep 09

APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure

CVE-2024-33657 HIGH
7.8 Aug 21

This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stac

CVE-2024-33656 HIGH
7.8 Aug 21

The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. Rated

CVE-2023-39539 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with danger

CVE-2023-39538 HIGH
7.8 Dec 06

AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with danger

CVE-2023-39537 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39536 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

CVE-2023-39535 HIGH
7.8 Nov 14

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network

Share

CVE-2022-40262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy