CVE-2022-29276

15.11.2022, 22:15

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
insyde	kernel	5.0 ≤ 𝑥 < 5.0.05.09.18
insyde	kernel	5.1 ≤ 𝑥 < 5.1.05.17.18
insyde	kernel	5.2 ≤ 𝑥 < 5.2.05.27.18
insyde	kernel	5.3 ≤ 𝑥 < 5.3.05.36.18
insyde	kernel	5.4 ≤ 𝑥 < 5.4.05.44.18
insyde	kernel	5.5 ≤ 𝑥 < 5.5.05.52.18

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2022059

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2022059