CVE-2022-29276
CVE-2022-29276 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. EPSS estimates a 0.19% chance of exploitation in the next 30 days.
Description
SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in:
- Kernel 5.0: version 05.09.18
- Kernel 5.1: version 05.17.18
- Kernel 5.2: version 05.27.18
- Kernel 5.3: version 05.36.18
- Kernel 5.4: version 05.44.18
- Kernel 5.5: version 05.52.18

https://www.insyde.com/security-pledge/SA-2022059
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Kernel | >= 5.0, < 5.0.05.09.18 |
| Insyde | Kernel | >= 5.1, < 5.1.05.17.18 |
| Insyde | Kernel | >= 5.2, < 5.2.05.27.18 |
| Insyde | Kernel | >= 5.3, < 5.3.05.36.18 |
| Insyde | Kernel | >= 5.4, < 5.4.05.44.18 |
| Insyde | Kernel | >= 5.5, < 5.5.05.52.18 |
References
- https://www.insyde.com/security-pledge (Vendor Advisory)
- https://www.insyde.com/security-pledge/SA-2022059 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
