Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-29278

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061

Published

2022-11-15T22:15:11.117

Last Modified

2025-04-30T15:15:52.750

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

Weaknesses

Type: Primary
CWE-754
Type: Secondary
CWE-754

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	insyde	kernel	< 5.1.05.17.23	Yes
Operating System	insyde	kernel	< 5.2.05.27.23	Yes
Operating System	insyde	kernel	< 5.3.05.36.23	Yes
Operating System	insyde	kernel	< 5.4.05.44.23	Yes
Operating System	insyde	kernel	< 5.5.05.52.23	Yes

References

https://www.insyde.com/security-pledge Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge/SA-2022061 Vendor Advisory ([email protected])
https://www.insyde.com/security-pledge Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2022061 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)