PT-2022-19515 · Kernel · Kernel
Published
2022-11-15
·
Updated
2022-11-23
·
CVE-2022-29275
CVSS v3.1
8.2
High
| Vector | AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Kernel 5.0 versions prior to 05.09.21
Kernel 5.1 versions prior to 05.17.21
Kernel 5.2 versions prior to 05.27.21
Kernel 5.3 versions prior to 05.36.21
Kernel 5.4 versions prior to 05.44.21
Kernel 5.5 versions prior to 05.52.21
Description
In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering. Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review.
Recommendations
For Kernel 5.0, update to version 05.09.21 or later.
For Kernel 5.1, update to version 05.17.21 or later.
For Kernel 5.2, update to version 05.27.21 or later.
For Kernel 5.3, update to version 05.36.21 or later.
For Kernel 5.4, update to version 05.44.21 or later.
For Kernel 5.5, update to version 05.52.21 or later.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kernel