How severe is CVE-2022-40262?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2022-40262?

This is classified as CWE-123, which is a common weakness in software security.

CVE-2022-40262 - HIGH Severity | CVSS 8.2

Vulnerability Description

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines (VMs) and bypassing memory isolation and confidential computing boundaries. Additionally, an attacker can build a payload which can be injected into the SMRAM memory. This issue affects: Module name: S3Resume2Pei SHA256: 7bb29f05534a8a1e010443213451425098faebd45948a4642db969b19d0253fc Module GUID: 89E549B0-7CFE-449D-9BA3-10D8B2312D71

Related Vulnerabilities

CVE-2022-35408

HIGH

CVSS:8.2(High)

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and esc...

CWE-1232022

CVE-2024-36877

HIGH

CVSS:8.2(High)

Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was disco...

CWE-1232024

CVE-2024-2607

HIGH

CVSS:8.1(High)

Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnera...

CWE-1232024

CVE-2017-6282

HIGH

CVSS:7.8(High)

NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This ...

CWE-1232017

CVE-2018-16962

HIGH

CVSS:7.8(High)

Webroot SecureAnywhere before 9.0.8.34 on macOS mishandles access to the driver by a process that lacks root privileges.

CWE-1232018

CVE-2020-16225

HIGH

CVSS:7.8(High)

Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where condition may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allo...

CWE-1232020