8.8
CVE-2022-29277
- EPSS 0.07%
- Published 15.11.2022 22:15:10
- Last modified 30.04.2025 15:15:52
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060
Data is provided by the National Vulnerability Database (NVD)
Amd ≫ Genoa Firmware Version < 05.52.25.0006
Amd ≫ Hygon 1 Firmware Version < 05.36.26.0016
Amd ≫ Hygon 2 Firmware Version < 05.36.26.0016
Amd ≫ Hygon 3 Firmware Version < 05.44.26.0007
Amd ≫ Milan Firmware Version < 05.36.10.0017
Amd ≫ Milan Firmware SwEditionembedded Version < 05.36.26.0016
Amd ≫ Rome Firmware Version < 05.36.10.0017
Amd ≫ Rome Firmware SwEditionembedded Version < 05.36.26.0016
Amd ≫ Ryzen 5300g Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5300ge Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5600g Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5600ge Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5600x Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5700g Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5700ge Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5800x Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5800x3d Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5900x Firmware Version < 05.44.30.0004
Amd ≫ Ryzen 5950x Firmware Version < 05.44.30.0004
Amd ≫ Snowy Owl R1000 Firmware Version < 05.32.50.0018
Amd ≫ Snowy Owl R2000 Firmware Version < 05.44.30.0005
Amd ≫ Snowy Owl V2000 Firmware Version < 05.44.30.0007
Amd ≫ Snowy Owl V3000 Firmware Version < 05.44.30.0007
Intel ≫ Alder Lake Firmware Version < 05.44.23.0047
Intel ≫ Bakerville Firmware Version < 05.21.51.0026
Intel ≫ Cedar Island Firmware Version < 05.42.11.0021
Intel ≫ Idaville Firmware Version < 05.43.12.0052
Intel ≫ Comet Lake-s Firmware Version < 05.43.12.0052
Intel ≫ Whiskey Lake Firmware Version < 05.43.12.0052
Intel ≫ Denverton Firmware Version < 05.10.12.0042
Intel ≫ Eagle Stream Firmware Version < 05.44.25.0052
Intel ≫ Grangeville De Ns Firmware Version < 05.27.26.0023
Intel ≫ Granville De Firmware Version < 05.05.15.0038
Intel ≫ Greenlow Firmware Version < 05.10.12.0042
Intel ≫ Greenlow-r Firmware Version < 05.10.12.0042
Intel ≫ Mehlow Firmware Version < 05.10.12.0042
Intel ≫ Mehlow-r Firmware Version < 05.10.12.0042
Intel ≫ Tatlow Firmware Version < 05.10.12.0042
Intel ≫ Purley-r Firmware Version < 05.21.51.0048
Intel ≫ Whitley Firmware Version < 05.42.23.0066
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.225 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2 | 6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.