fkie_cve-2022-29279
Vulnerability from fkie_nvd
Published
2022-11-15 22:15
Modified
2024-11-21 06:58
Severity ?
Summary
Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
| cve@mitre.org | https://www.insyde.com/security-pledge/SA-2022062 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2022062 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6FE02F2-B7F1-4542-B113-774A476C451C",
"versionEndExcluding": "5.0.05.09.17",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1580FAB-6AEA-4006-AB3E-3F384ABC7F75",
"versionEndExcluding": "5.1.05.17.17",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "025933E3-5677-4E99-AA74-20CC0DD2AB96",
"versionEndExcluding": "5.2.05.27.17",
"versionStartIncluding": "5.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCE7EF5-A44C-408B-BF30-73DD221D71E0",
"versionEndExcluding": "5.3.05.36.17",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B106DD8E-FBC4-4562-8508-69576EF4432D",
"versionEndExcluding": "5.4.05.44.17",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E96A4367-F490-4AD8-B83F-54253E207622",
"versionEndExcluding": "5.5.05.52.17",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice Use of a untrusted pointer allows tampering with SMRAM and OS memory in SdHostDriver and SdMmcDevice. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.17 Kernel 5.1: version 05.17.17 Kernel 5.2: version 05.27.17 Kernel 5.3: version 05.36.17 Kernel 5.4: version 05.44.17 Kernel 5.5: version 05.52.17 https://www.insyde.com/security-pledge/SA-2022062"
},
{
"lang": "es",
"value": "El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. El uso de un puntero que no es de confianza permite alterar la SMRAM y la memoria del sistema operativo en SdHostDriver y SdMmcDevice. Insyde descubri\u00f3 este problema durante la revisi\u00f3n de seguridad. Se solucion\u00f3 en: Kernel 5.0: versi\u00f3n 05.09.17 Kernel 5.1: versi\u00f3n 05.17.17 Kernel 5.2: versi\u00f3n 05.27.17 Kernel 5.3: versi\u00f3n 05.36.17 Kernel 5.4: versi\u00f3n 05.44.17 Kernel 5.5: versi\u00f3n 05.52.17 https:/ /www.insyde.com/security-pledge/SA-2022062"
}
],
"id": "CVE-2022-29279",
"lastModified": "2024-11-21T06:58:51.713",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-15T22:15:11.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.insyde.com/security-pledge/SA-2022062"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.