CVE-2022-40246

Name of the Vulnerable Software and Affected Versions SbPei (affected versions not specified)

Description A potential attacker can write one byte by arbitrary address at the time of the PEI phase, only during S3 resume boot mode, and influence the subsequent boot stages. This can lead to mitigations bypassing, physical memory contents disclosure, discovery of secrets from Virtual Machines (VMs), and bypassing memory isolation and confidential computing boundaries. An attacker can also build a payload to be injected into the SMRAM memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.