CVE-2022-29279: Buffer Overflow
First published: Tue Nov 15 2022(Updated: )
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insyde Kernel | >=5.0<5.0.05.09.17 | |
| Insyde Kernel | >=5.1<5.1.05.17.17 | |
| Insyde Kernel | >=5.2<5.2.05.27.17 | |
| Insyde Kernel | >=5.3<5.3.05.36.17 | |
| Insyde Kernel | >=5.4<5.4.05.44.17 | |
| Insyde Kernel | >=5.5<5.5.05.52.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-29279?
CVE-2022-29279 is a vulnerability that allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice.
How can this vulnerability be exploited?
This vulnerability can be exploited by using an untrusted pointer to tamper with SMRAM and OS memory in SdHostDriver and SdMmcDevice.
What is the severity of CVE-2022-29279?
The severity of CVE-2022-29279 is high, with a CVSS score of 8.2.
Which software versions are affected by CVE-2022-29279?
Insyde Kernel versions 5.0 to 5.5 are affected by CVE-2022-29279.
Has this vulnerability been fixed?
Yes, this vulnerability has been fixed in Insyde Kernel versions 5.0.05.09.17 to 5.5.05.52.17.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/source
- vendor/insyde
- canonical/insyde kernel
- version/insyde kernel/5.0
- version/insyde kernel/5.1
- version/insyde kernel/5.2
- version/insyde kernel/5.3
- version/insyde kernel/5.4
- version/insyde kernel/5.5