CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

CVSS v3.0 8.8 HIGH

8.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022060	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amd:genoa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:genoa:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:amd:hygon_1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:hygon_1:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:amd:hygon_2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:hygon_2:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:amd:hygon_3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:hygon_3:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:amd:milan_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:milan:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:amd:milan_firmware:*:*:*:*:embedded:*:*:*

cpe:2.3:h:amd:milan:-:*:*:*:embedded:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:amd:rome_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:rome:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:amd:rome_firmware:*:*:*:*:embedded:*:*:*

cpe:2.3:h:amd:rome:-:*:*:*:embedded:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:amd:ryzen_5300g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5300g:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:amd:ryzen_5300ge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5300ge:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:amd:ryzen_5600g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5600g:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:amd:ryzen_5600ge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5600ge:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:amd:ryzen_5600x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5600x:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:amd:ryzen_5700g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5700g:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:amd:ryzen_5700ge_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5700ge:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:amd:ryzen_5800x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5800x:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:amd:ryzen_5800x3d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5800x3d:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:amd:ryzen_5900x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5900x:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:amd:ryzen_5950x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_5950x:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:amd:snowy_owl_r1000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:snowy_owl_r1000:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:amd:snowy_owl_r2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:snowy_owl_r2000:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:amd:snowy_owl_v2000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:snowy_owl_v2000:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:amd:snowy_owl_v3000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:snowy_owl_v3000:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:intel:alder_lake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:alder_lake:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:intel:bakerville_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:bakerville:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:intel:cedar_island_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:cedar_island:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:intel:idaville_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:idaville:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:intel:comet_lake-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:comet_lake-s:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:intel:tiger_lake_h\/up3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:tiger_lake_h\/up3:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:intel:whiskey_lake_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:whiskey_lake:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:intel:denverton_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:denverton:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:intel:eagle_stream_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:eagle_stream:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:intel:grangeville_de_ns_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:grangeville_de_ns:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:intel:granville_de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:granville_de:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:intel:greenlow_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:greenlow:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:intel:greenlow-r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:greenlow-r:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:intel:mehlow_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:mehlow:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:intel:mehlow-r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:mehlow-r:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:intel:tatlow_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:tatlow:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:intel:purley-r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:purley-r:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:intel:whitley_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:whitley:-:*:*:*:*:*:*:*

Information

Published : 2022-11-15 14:15

Updated : 2022-11-22 11:45

NVD link : CVE-2022-29277

Mitre link : CVE-2022-29277

JSON object : View

CWE

CWE-787

Out-of-bounds Write

Products Affected

intel

granville_de
bakerville_firmware
whiskey_lake_firmware
greenlow_firmware
eagle_stream_firmware
tiger_lake_h\/up3_firmware
tatlow_firmware
whitley_firmware
alder_lake_firmware
eagle_stream
cedar_island_firmware
bakerville
comet_lake-s
mehlow
idaville_firmware
whitley
greenlow
denverton
granville_de_firmware
whiskey_lake
comet_lake-s_firmware
idaville
grangeville_de_ns_firmware
greenlow-r_firmware
greenlow-r
purley-r
grangeville_de_ns
alder_lake
tiger_lake_h\/up3
cedar_island
mehlow-r_firmware
purley-r_firmware
mehlow-r
denverton_firmware
mehlow_firmware
tatlow

amd

ryzen_5950x
ryzen_5300g
ryzen_5800x
ryzen_5300ge_firmware
snowy_owl_v3000_firmware
snowy_owl_v2000
genoa
ryzen_5700g
snowy_owl_r1000_firmware
rome
ryzen_5600ge_firmware
ryzen_5600ge
ryzen_5700ge_firmware
snowy_owl_v2000_firmware
ryzen_5600g
hygon_1
ryzen_5950x_firmware
snowy_owl_v3000
ryzen_5800x3d_firmware
ryzen_5300ge
ryzen_5800x_firmware
hygon_2_firmware
ryzen_5700g_firmware
ryzen_5300g_firmware
ryzen_5600x_firmware
ryzen_5900x
hygon_1_firmware
hygon_2
ryzen_5600x
ryzen_5600g_firmware
hygon_3
hygon_3_firmware
snowy_owl_r2000
snowy_owl_r1000
milan_firmware
milan
ryzen_5900x_firmware
ryzen_5700ge
snowy_owl_r2000_firmware
genoa_firmware
rome_firmware
ryzen_5800x3d

8.8 /10