What is CVE-2022-29276?

CVE-2022-29276 is a vulnerability in the SMI functions of AhciBusDxe that allows for the corruption of SMRAM due to untrusted inputs.

Who discovered CVE-2022-29276?

CVE-2022-29276 was discovered by Insyde during a security review.

What is the severity of CVE-2022-29276?

CVE-2022-29276 has a severity rating of 8.2 (high).

How can I check if my version of Insyde Kernel is affected by CVE-2022-29276?

You can check if your version of Insyde Kernel is affected by CVE-2022-29276 by comparing the version range mentioned in the CPE (Common Platform Enumeration) with your installed version.

How do I fix CVE-2022-29276?

To fix CVE-2022-29276, you should update your Insyde Kernel to version 05.09.18 or later for Kernel 5.0, version 05.17.18 or later for Kernel 5.1, or a later fixed version for other affected kernel versions.

Vulnerability/
CVE-2022-29276

high

8.2

CWE

787

15/11/2022

3/8/2024

CVE-2022-29276

First published: Tue Nov 15 2022(Updated: )

SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. SMI functions in AhciBusDxe use untrusted inputs leading to corruption of SMRAM. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.18 Kernel 5.1: version 05.17.18 Kernel 5.2: version 05.27.18 Kernel 5.3: version 05.36.18 Kernel 5.4: version 05.44.18 Kernel 5.5: version 05.52.18 https://www.insyde.com/security-pledge/SA-2022059

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Insyde Kernel	>=5.0<5.0.05.09.18
Insyde Kernel	>=5.1<5.1.05.17.18
Insyde Kernel	>=5.2<5.2.05.27.18
Insyde Kernel	>=5.3<5.3.05.36.18
Insyde Kernel	>=5.4<5.4.05.44.18
Insyde Kernel	>=5.5<5.5.05.52.18

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-29276?
CVE-2022-29276 is a vulnerability in the SMI functions of AhciBusDxe that allows for the corruption of SMRAM due to untrusted inputs.
Who discovered CVE-2022-29276?
CVE-2022-29276 was discovered by Insyde during a security review.
What is the severity of CVE-2022-29276?
CVE-2022-29276 has a severity rating of 8.2 (high).
How can I check if my version of Insyde Kernel is affected by CVE-2022-29276?
You can check if your version of Insyde Kernel is affected by CVE-2022-29276 by comparing the version range mentioned in the CPE (Common Platform Enumeration) with your installed version.
How do I fix CVE-2022-29276?
To fix CVE-2022-29276, you should update your Insyde Kernel to version 05.09.18 or later for Kernel 5.0, version 05.17.18 or later for Kernel 5.1, or a later fixed version for other affected kernel versions.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/first-publish-date
agent/tags
agent/description
agent/event
agent/source
vendor/insyde
canonical/insyde kernel
version/insyde kernel/5.0
version/insyde kernel/5.1
version/insyde kernel/5.2
version/insyde kernel/5.3
version/insyde kernel/5.4
version/insyde kernel/5.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.