CVE-2022-29277

Summary

CVE	CVE-2022-29277
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-11-15 22:15:00 UTC
Updated	2022-11-22 19:45:00 UTC
Description	Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

Risk And Classification

Problem Types: CWE-787

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Amd	Genoa	-	All	All	All
Operating System	Amd	Genoa Firmware	All	All	All	All
Hardware	Amd	Hygon 1	-	All	All	All
Operating System	Amd	Hygon 1 Firmware	All	All	All	All
Hardware	Amd	Hygon 2	-	All	All	All
Operating System	Amd	Hygon 2 Firmware	All	All	All	All
Hardware	Amd	Hygon 3	-	All	All	All
Operating System	Amd	Hygon 3 Firmware	All	All	All	All
Hardware	Amd	Milan	-	All	All	All
Hardware	Amd	Milan	-	All	All	All
Operating System	Amd	Milan Firmware	All	All	All	All
Operating System	Amd	Milan Firmware	All	All	All	All
Hardware	Amd	Rome	-	All	All	All
Hardware	Amd	Rome	-	All	All	All
Operating System	Amd	Rome Firmware	All	All	All	All
Operating System	Amd	Rome Firmware	All	All	All	All
Hardware	Amd	Ryzen 5300g	-	All	All	All
Hardware	Amd	Ryzen 5300ge	-	All	All	All
Operating System	Amd	Ryzen 5300ge Firmware	All	All	All	All
Operating System	Amd	Ryzen 5300g Firmware	All	All	All	All
Hardware	Amd	Ryzen 5600g	-	All	All	All
Hardware	Amd	Ryzen 5600ge	-	All	All	All
Operating System	Amd	Ryzen 5600ge Firmware	All	All	All	All
Operating System	Amd	Ryzen 5600g Firmware	All	All	All	All
Hardware	Amd	Ryzen 5600x	-	All	All	All
Operating System	Amd	Ryzen 5600x Firmware	All	All	All	All
Hardware	Amd	Ryzen 5700g	-	All	All	All
Hardware	Amd	Ryzen 5700ge	-	All	All	All
Operating System	Amd	Ryzen 5700ge Firmware	All	All	All	All
Operating System	Amd	Ryzen 5700g Firmware	All	All	All	All
Hardware	Amd	Ryzen 5800x	-	All	All	All
Hardware	Amd	Ryzen 5800x3d	-	All	All	All
Operating System	Amd	Ryzen 5800x3d Firmware	All	All	All	All
Operating System	Amd	Ryzen 5800x Firmware	All	All	All	All
Hardware	Amd	Ryzen 5900x	-	All	All	All
Operating System	Amd	Ryzen 5900x Firmware	All	All	All	All
Hardware	Amd	Ryzen 5950x	-	All	All	All
Operating System	Amd	Ryzen 5950x Firmware	All	All	All	All
Hardware	Amd	Snowy Owl R1000	-	All	All	All
Operating System	Amd	Snowy Owl R1000 Firmware	All	All	All	All
Hardware	Amd	Snowy Owl R2000	-	All	All	All
Operating System	Amd	Snowy Owl R2000 Firmware	All	All	All	All
Hardware	Amd	Snowy Owl V2000	-	All	All	All
Operating System	Amd	Snowy Owl V2000 Firmware	All	All	All	All
Hardware	Amd	Snowy Owl V3000	-	All	All	All
Operating System	Amd	Snowy Owl V3000 Firmware	All	All	All	All
Hardware	Intel	Alder Lake	-	All	All	All
Operating System	Intel	Alder Lake Firmware	All	All	All	All
Hardware	Intel	Bakerville	-	All	All	All
Operating System	Intel	Bakerville Firmware	All	All	All	All
Hardware	Intel	Cedar Island	-	All	All	All
Operating System	Intel	Cedar Island Firmware	All	All	All	All
Hardware	Intel	Comet Lake-s	-	All	All	All
Operating System	Intel	Comet Lake-s Firmware	All	All	All	All
Hardware	Intel	Denverton	-	All	All	All
Operating System	Intel	Denverton Firmware	All	All	All	All
Hardware	Intel	Eagle Stream	-	All	All	All
Operating System	Intel	Eagle Stream Firmware	All	All	All	All
Hardware	Intel	Grangeville De Ns	-	All	All	All
Operating System	Intel	Grangeville De Ns Firmware	All	All	All	All
Hardware	Intel	Granville De	-	All	All	All
Operating System	Intel	Granville De Firmware	All	All	All	All
Hardware	Intel	Greenlow	-	All	All	All
Hardware	Intel	Greenlow-r	-	All	All	All
Operating System	Intel	Greenlow-r Firmware	All	All	All	All
Operating System	Intel	Greenlow Firmware	All	All	All	All
Hardware	Intel	Idaville	-	All	All	All
Operating System	Intel	Idaville Firmware	All	All	All	All
Hardware	Intel	Mehlow	-	All	All	All
Hardware	Intel	Mehlow-r	-	All	All	All
Operating System	Intel	Mehlow-r Firmware	All	All	All	All
Operating System	Intel	Mehlow Firmware	All	All	All	All
Hardware	Intel	Purley-r	-	All	All	All
Operating System	Intel	Purley-r Firmware	All	All	All	All
Hardware	Intel	Tatlow	-	All	All	All
Operating System	Intel	Tatlow Firmware	All	All	All	All
Hardware	Intel	Tiger Lake H/up3	-	All	All	All
Operating System	Intel	Tiger Lake H/up3 Firmware	All	All	All	All
Hardware	Intel	Whiskey Lake	-	All	All	All
Operating System	Intel	Whiskey Lake Firmware	All	All	All	All
Hardware	Intel	Whitley	-	All	All	All
Operating System	Intel	Whitley Firmware	All	All	All	All

References

Reference	Source	Link	Tags
Insyde Security Advisory 2022060 \| Insyde Software	MISC	www.insyde.com
Insyde's Security Pledge \| Insyde Software	MISC	www.insyde.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.