Lucene search

[email protected]CVE-2022-29277

HistoryNov 15, 2022 - 10:15 p.m.

CVE-2022-29277

2022-11-1522:15:10

CWE-787

[email protected]

web.nvd.nist.gov

cve-2022-29277

fwblockservicesmm

ram modifications

intel

amd

security vulnerability

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

Affected configurations

NVD

Node

amdgenoaMatch-

AND

amdgenoa_firmwareRange<05.52.25.0006

Node

amdhygon_1Match-

AND

amdhygon_1_firmwareRange<05.36.26.0016

Node

amdhygon_2Match-

AND

amdhygon_2_firmwareRange<05.36.26.0016

Node

amdhygon_3Match-

AND

amdhygon_3_firmwareRange<05.44.26.0007

Node

amdmilanMatch-

AND

amdmilan_firmwareRange<05.36.10.0017

Node

amdmilanMatch-embedded

AND

amdmilan_firmwareRange<05.36.26.0016embedded

Node

amdromeMatch-

AND

amdrome_firmwareRange<05.36.10.0017

Node

amdromeMatch-embedded

AND

amdrome_firmwareRange<05.36.26.0016embedded

Node

amdryzen_5300g_firmwareRange<05.44.30.0004

AND

amdryzen_5300gMatch-

Node

amdryzen_5300ge_firmwareRange<05.44.30.0004

AND

amdryzen_5300geMatch-

Node

amdryzen_5600g_firmwareRange<05.44.30.0004

AND

amdryzen_5600gMatch-

Node

amdryzen_5600ge_firmwareRange<05.44.30.0004

AND

amdryzen_5600geMatch-

Node

amdryzen_5600x_firmwareRange<05.44.30.0004

AND

amdryzen_5600xMatch-

Node

amdryzen_5700g_firmwareRange<05.44.30.0004

AND

amdryzen_5700gMatch-

Node

amdryzen_5700ge_firmwareRange<05.44.30.0004

AND

amdryzen_5700geMatch-

Node

amdryzen_5800x_firmwareRange<05.44.30.0004

AND

amdryzen_5800xMatch-

Node

amdryzen_5800x3d_firmwareRange<05.44.30.0004

AND

amdryzen_5800x3dMatch-

Node

amdryzen_5900x_firmwareRange<05.44.30.0004

AND

amdryzen_5900xMatch-

Node

amdryzen_5950x_firmwareRange<05.44.30.0004

AND

amdryzen_5950xMatch-

Node

amdsnowy_owl_r1000_firmwareRange<05.32.50.0018

AND

amdsnowy_owl_r1000Match-

Node

amdsnowy_owl_r2000_firmwareRange<05.44.30.0005

AND

amdsnowy_owl_r2000Match-

Node

amdsnowy_owl_v2000_firmwareRange<05.44.30.0007

AND

amdsnowy_owl_v2000Match-

Node

amdsnowy_owl_v3000_firmwareRange<05.44.30.0007

AND

amdsnowy_owl_v3000Match-

Node

intelalder_lake_firmwareRange<05.44.23.0047

AND

intelalder_lakeMatch-

Node

intelbakerville_firmwareRange<05.21.51.0026

AND

intelbakervilleMatch-

Node

intelcedar_island_firmwareRange<05.42.11.0021

AND

intelcedar_islandMatch-

Node

intelidaville_firmwareRange<05.43.12.0052

AND

intelidavilleMatch-

Node

intelcomet_lake-s_firmwareRange<05.43.12.0052

AND

intelcomet_lake-sMatch-

Node

inteltiger_lake_h\/up3_firmwareRange<05.43.12.0052

AND

inteltiger_lake_h\/up3Match-

Node

intelwhiskey_lake_firmwareRange<05.43.12.0052

AND

intelwhiskey_lakeMatch-

Node

inteldenverton_firmwareRange<05.10.12.0042

AND

inteldenvertonMatch-

Node

inteleagle_stream_firmwareRange<05.44.25.0052

AND

inteleagle_streamMatch-

Node

intelgrangeville_de_ns_firmwareRange<05.27.26.0023

AND

intelgrangeville_de_nsMatch-

Node

intelgranville_de_firmwareRange<05.05.15.0038

AND

intelgranville_deMatch-

Node

intelgreenlow_firmwareRange<05.10.12.0042

AND

intelgreenlowMatch-

Node

intelgreenlow-r_firmwareRange<05.10.12.0042

AND

intelgreenlow-rMatch-

Node

intelmehlow_firmwareRange<05.10.12.0042

AND

intelmehlowMatch-

Node

intelmehlow-r_firmwareRange<05.10.12.0042

AND

intelmehlow-rMatch-

Node

inteltatlow_firmwareRange<05.10.12.0042

AND

inteltatlowMatch-

Node

intelpurley-r_firmwareRange<05.21.51.0048

AND

intelpurley-rMatch-

Node

intelwhitley_firmwareRange<05.42.23.0066

AND

intelwhitleyMatch-

CPENameOperatorVersion
amd:genoa_firmwareamd genoa firmwarelt05.52.25.0006

CPE	Name	Operator	Version
amd:genoa_firmware	amd genoa firmware	lt	05.52.25.0006

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022060

Social References

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVE-2022-29277

cvelist1 prion1 nvd1