Lucene search

[email protected]NVD:CVE-2022-29275

HistoryNov 15, 2022 - 9:15 p.m.

CVE-2022-29275

2022-11-1521:15:36

CWE-119

[email protected]

web.nvd.nist.gov

usbcoredxe

untrusted input

smram

os memory

tampering

escalation of privileges

insyde

kernel 5.0

kernel 5.1

kernel 5.2

kernel 5.3

kernel 5.4

kernel 5.5

security vulnerability

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058

Affected configurations

NVD

Node

insydekernelRange5.0–5.0.05.09.21

insydekernelRange5.1–5.1.05.17.21

insydekernelRange5.2–5.2.05.27.21

insydekernelRange5.3–5.3.05.36.21

insydekernelRange5.4–5.4.05.44.21

insydekernelRange5.5–5.5.05.52.21

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022058

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-29275

cve1 prion1 cvelist1 ics1