Vulnerabilities > CVE-2022-29276 - Out-of-bounds Write vulnerability in Insyde Kernel

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

insyde

CWE-787

NVD

Published: 2022-11-15

Updated: 2022-11-29

Summary

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

Vulnerable Configurations

Part	Description	Count
OS	Insyde Insyde Kernel 5.0 Insyde Kernel 5.1 Insyde Kernel 5.2 Insyde Kernel 5.3 Insyde Kernel 5.4 Insyde Kernel 5.5	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References