CVE-2022-29278Improper Check for Unusual or Exceptional Conditions in Kernel

CWE-754Improper Check for Unusual or Exceptional Conditions3 documents3 sources
Severity
8.2HIGHNVD
EPSS
0.1%
top 84.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 15
Latest updateNov 16

Description

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

NVDinsyde/kernel5.15.1.05.17.23+4

🔴Vulnerability Details

2
GHSA
GHSA-c7xm-pc9f-6xw4: Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDx2022-11-16
CVEList
CVE-2022-29278: Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDx2022-11-15
CVE-2022-29278 — Insyde Kernel vulnerability | cvebase