CVE-2022-29278

EUVD-2022-33621

15.11.2022, 22:15

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	8.2 HIGH	LOCAL	LOW	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
insyde	kernel	5.1 ≤ 𝑥 < 5.1.05.17.23
insyde	kernel	5.2 ≤ 𝑥 < 5.2.05.27.23
insyde	kernel	5.3 ≤ 𝑥 < 5.3.05.36.23
insyde	kernel	5.4 ≤ 𝑥 < 5.4.05.44.23
insyde	kernel	5.5 ≤ 𝑥 < 5.5.05.52.23

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-754 - Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

References

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2022061

https://www.insyde.com/security-pledge

https://www.insyde.com/security-pledge/SA-2022061