{
  "GSD": {
    "alias": "CVE-2022-32266",
    "description": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.",
    "id": "GSD-2022-32266"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-32266"
      ],
      "details": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.",
      "id": "GSD-2022-32266",
      "modified": "2023-12-13T01:19:12.210991Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2022-32266",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.insyde.com/security-pledge",
            "refsource": "MISC",
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "name": "https://www.insyde.com/security-pledge/SA-2022045",
            "refsource": "MISC",
            "url": "https://www.insyde.com/security-pledge/SA-2022045"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.05.52.23",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.05.44.23",
                "versionStartIncluding": "5.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.05.36.23",
                "versionStartIncluding": "5.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-32266"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-367"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.insyde.com/security-pledge/SA-2022045",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.insyde.com/security-pledge/SA-2022045"
            },
            {
              "name": "https://www.insyde.com/security-pledge",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.insyde.com/security-pledge"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.5,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-18T16:02Z",
      "publishedDate": "2022-11-14T22:15Z"
    }
  }
}

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "InsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in der Insyde UEFI Firmware ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-0706 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0706.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-0706 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0706"
      },
      {
        "category": "external",
        "summary": "HP Customer Support - Knowledge Base vom 2023-03-21",
        "url": "https://support.hp.com/us-en/document/ish_7838102-7838162-16/HPSBHF03836"
      }
    ],
    "source_lang": "en-US",
    "title": "Insyde UEFI Firmware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-03-21T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:47:03.228+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-0706",
      "initial_release_date": "2023-03-21T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-03-21T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T023191",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Insyde UEFI Firmware",
            "product": {
              "name": "Insyde UEFI Firmware",
              "product_id": "T026843",
              "product_identification_helper": {
                "cpe": "cpe:/h:insyde:uefi:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-34325",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-34325"
    },
    {
      "cve": "CVE-2022-33986",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33986"
    },
    {
      "cve": "CVE-2022-33985",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33985"
    },
    {
      "cve": "CVE-2022-33984",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33984"
    },
    {
      "cve": "CVE-2022-33983",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33983"
    },
    {
      "cve": "CVE-2022-33982",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33982"
    },
    {
      "cve": "CVE-2022-33909",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33909"
    },
    {
      "cve": "CVE-2022-33908",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33908"
    },
    {
      "cve": "CVE-2022-33907",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33907"
    },
    {
      "cve": "CVE-2022-33906",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33906"
    },
    {
      "cve": "CVE-2022-33905",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-33905"
    },
    {
      "cve": "CVE-2022-32267",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-32267"
    },
    {
      "cve": "CVE-2022-32266",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-32266"
    },
    {
      "cve": "CVE-2022-31243",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-31243"
    },
    {
      "cve": "CVE-2022-30774",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-30774"
    },
    {
      "cve": "CVE-2022-30773",
      "notes": [
        {
          "category": "description",
          "text": "In der Insyde UEFI Firmware existieren mehrere \"Time-of-Check to Time-of-Use (TOCTOU)\" Schwachstellen. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Informationen offenzulegen oder einen Denial of Service zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023191",
          "T026843"
        ]
      },
      "release_date": "2023-03-21T23:00:00.000+00:00",
      "title": "CVE-2022-30773"
    }
  ]
}

{
  "affected": [],
  "aliases": [
    "CVE-2022-32266"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-367",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-14T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.",
  "id": "GHSA-j8q4-3cww-3fwm",
  "modified": "2022-11-18T18:30:25Z",
  "published": "2022-11-15T12:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32266"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge/SA-2022045"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}