Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

Security Impact Summary

This vulnerability carries a HIGH severity rating with a CVSS v3.1 score of 8.8, requiring local system access to exploit with relatively low complexity without requiring user interaction requiring only low-level privileges . The vulnerability impacts confidentiality (data exposure), integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 78 products from amd, from amd, from amd and 75 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2022, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2022-11-15T22:15:10.933

Last Modified

2025-04-30T15:15:52.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	amd	genoa_firmware	< 05.52.25.0006	Yes
Hardware	amd	genoa	-	No
Operating System	amd	hygon_1_firmware	< 05.36.26.0016	Yes
Hardware	amd	hygon_1	-	No
Operating System	amd	hygon_2_firmware	< 05.36.26.0016	Yes
Hardware	amd	hygon_2	-	No
Operating System	amd	hygon_3_firmware	< 05.44.26.0007	Yes
Hardware	amd	hygon_3	-	No
Operating System	amd	milan_firmware	< 05.36.10.0017	Yes
Hardware	amd	milan	-	No
Operating System	amd	milan_firmware	< 05.36.26.0016	Yes
Hardware	amd	milan	-	No
Operating System	amd	rome_firmware	< 05.36.10.0017	Yes
Hardware	amd	rome	-	No
Operating System	amd	rome_firmware	< 05.36.26.0016	Yes
Hardware	amd	rome	-	No
Operating System	amd	ryzen_5300g_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5300g	-	No
Operating System	amd	ryzen_5300ge_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5300ge	-	No
Operating System	amd	ryzen_5600g_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5600g	-	No
Operating System	amd	ryzen_5600ge_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5600ge	-	No
Operating System	amd	ryzen_5600x_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5600x	-	No
Operating System	amd	ryzen_5700g_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5700g	-	No
Operating System	amd	ryzen_5700ge_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5700ge	-	No
Operating System	amd	ryzen_5800x_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5800x	-	No
Operating System	amd	ryzen_5800x3d_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5800x3d	-	No
Operating System	amd	ryzen_5900x_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5900x	-	No
Operating System	amd	ryzen_5950x_firmware	< 05.44.30.0004	Yes
Hardware	amd	ryzen_5950x	-	No
Operating System	amd	snowy_owl_r1000_firmware	< 05.32.50.0018	Yes
Hardware	amd	snowy_owl_r1000	-	No
Operating System	amd	snowy_owl_r2000_firmware	< 05.44.30.0005	Yes
Hardware	amd	snowy_owl_r2000	-	No
Operating System	amd	snowy_owl_v2000_firmware	< 05.44.30.0007	Yes
Hardware	amd	snowy_owl_v2000	-	No
Operating System	amd	snowy_owl_v3000_firmware	< 05.44.30.0007	Yes
Hardware	amd	snowy_owl_v3000	-	No
Operating System	intel	alder_lake_firmware	< 05.44.23.0047	Yes
Hardware	intel	alder_lake	-	No
Operating System	intel	bakerville_firmware	< 05.21.51.0026	Yes
Hardware	intel	bakerville	-	No
Operating System	intel	cedar_island_firmware	< 05.42.11.0021	Yes
Hardware	intel	cedar_island	-	No
Operating System	intel	idaville_firmware	< 05.43.12.0052	Yes
Hardware	intel	idaville	-	No
Operating System	intel	comet_lake-s_firmware	< 05.43.12.0052	Yes
Hardware	intel	comet_lake-s	-	No
Operating System	intel	tiger_lake_h\/up3_firmware	< 05.43.12.0052	Yes
Hardware	intel	tiger_lake_h\/up3	-	No
Operating System	intel	whiskey_lake_firmware	< 05.43.12.0052	Yes
Hardware	intel	whiskey_lake	-	No
Operating System	intel	denverton_firmware	< 05.10.12.0042	Yes
Hardware	intel	denverton	-	No
Operating System	intel	eagle_stream_firmware	< 05.44.25.0052	Yes
Hardware	intel	eagle_stream	-	No
Operating System	intel	grangeville_de_ns_firmware	< 05.27.26.0023	Yes
Hardware	intel	grangeville_de_ns	-	No
Operating System	intel	granville_de_firmware	< 05.05.15.0038	Yes
Hardware	intel	granville_de	-	No
Operating System	intel	greenlow_firmware	< 05.10.12.0042	Yes
Hardware	intel	greenlow	-	No
Operating System	intel	greenlow-r_firmware	< 05.10.12.0042	Yes
Hardware	intel	greenlow-r	-	No
Operating System	intel	mehlow_firmware	< 05.10.12.0042	Yes
Hardware	intel	mehlow	-	No
Operating System	intel	mehlow-r_firmware	< 05.10.12.0042	Yes
Hardware	intel	mehlow-r	-	No
Operating System	intel	tatlow_firmware	< 05.10.12.0042	Yes
Hardware	intel	tatlow	-	No
Operating System	intel	purley-r_firmware	< 05.21.51.0048	Yes
Hardware	intel	purley-r	-	No
Operating System	intel	whitley_firmware	< 05.42.23.0066	Yes
Hardware	intel	whitley	-	No

References

https://www.insyde.com/security-pledge Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge/SA-2022060 Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2022060 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For amd's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.