How severe is CVE-2022-40246?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2022-40246?

This is classified as CWE-123, which is a common weakness in software security.

CVE-2022-40246 - HIGH Severity | CVSS 7.2

Vulnerability Description

A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: SbPei SHA256: d827182e5f9b7a9ff0b9d3e232f7cfac43b5237e2681e11f005be627a49283a9 Module GUID: c1fbd624-27ea-40d1-aa48-94c3dc5c7e0d

Related Vulnerabilities

CVE-2017-10994

HIGH

CVSS:7.3(High)

Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document.

CWE-1232017

CVE-2024-20141

MEDIUM

CVSS:6.8(Medium)

In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional ...

CWE-1232024

CVE-2018-15375

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values ...

CWE-1232018

CVE-2018-15376

MEDIUM

CVSS:6.7(Medium)

CWE-1232018

CVE-2021-1390

MEDIUM

CVSS:6.7(Medium)

A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulner...

CWE-1232021

CVE-2021-1520

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with ro...

CWE-1232021