CVE-2022-40262

Name of the Vulnerable Software and Affected Versions S3Resume2Pei (affected versions not specified)

Description A potential attacker can execute arbitrary code during the PEI phase, influencing subsequent boot stages. This can lead to bypassing mitigations, disclosure of physical memory contents, discovery of secrets from Virtual Machines (VMs), and bypassing memory isolation and confidential computing boundaries. An attacker can also build a payload to inject into the SMRAM memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.