CVE-2022-29276Out-of-bounds Write in Kernel

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 68.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 15
Latest updateNov 16

Description

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

NVDinsyde/kernel5.05.0.05.09.18+5

🔴Vulnerability Details

2
GHSA
GHSA-h4mx-3f49-295w: SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM2022-11-16
CVEList
CVE-2022-29276: SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM2022-11-15
CVE-2022-29276 — Out-of-bounds Write in Insyde Kernel | cvebase