Lucene search

[email protected]NVD:CVE-2022-29278

HistoryNov 15, 2022 - 10:15 p.m.

CVE-2022-29278

2022-11-1522:15:11

CWE-754

[email protected]

web.nvd.nist.gov

nvmexpressdxe driver

kernel 5.1

kernel 5.2

kernel 5.3

kernel 5.4

kernel 5.5

security review

insyde

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061

Affected configurations

Nvd

Node

insydekernelRange5.1–5.1.05.17.23

insydekernelRange5.2–5.2.05.27.23

insydekernelRange5.3–5.3.05.36.23

insydekernelRange5.4–5.4.05.44.23

insydekernelRange5.5–5.5.05.52.23

VendorProductVersionCPE
insydekernel*cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	kernel	*	cpe:2.3:o:insyde:kernel::::::::

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022061

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2022-29278

cve1 cvelist1 prion1