CVE-2022-29276

HIGH

Insyde Kernel 5.0-5.5 - Out-of-bounds Write in AhciBusDxe SMI Functions

Title source: llm
STIX 2.1

Description

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

References (2)

Core 2

Scores

CVSS v3 8.2
EPSS 0.0019
EPSS Percentile 9.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
insyde/kernel 5.0 - 5.0.05.09.18
Published Nov 15, 2022
Tracked Since Feb 18, 2026