CVE-2022-29276

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

Published: Nov 15, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-29276
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
insyde / kernel	5.0	5.0.05.09.18
insyde / kernel	5.1	5.1.05.17.18
insyde / kernel	5.2	5.2.05.27.18
insyde / kernel	5.3	5.3.05.36.18
insyde / kernel	5.4	5.4.05.44.18
insyde / kernel	5.5	5.5.05.52.18

https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022059

Vulnerability Database

289,697

CVE-2022-29276