CVE-2022-29275Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 77.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 15
Latest updateNov 16

Description

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

NVDinsyde/kernel5.15.1.05.17.21+5

🔴Vulnerability Details

2
GHSA
GHSA-ph2x-fwr9-vjxc: In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to es2022-11-16
CVEList
CVE-2022-29275: In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to es2022-11-15
CVE-2022-29275 — Insyde Kernel vulnerability | cvebase