Insyde Security Advisory 2022060

Insyde ID: INSYDE-SA-2022060
Advisory Category: Software
Impact of Vulnerability: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity Rating: 7.5
Original Date: 11/14/2022
Last Revised: 11/14/2022

Summary:

Incorrect pointer checks within the FwBlockServiceSmm driver can allow arbitrary RAM modifications.

Vulnerability Details

CVE-2022-29277

A review of the FwBlockServiceSmm driver found that certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in:

INTEL
Purley-R: 05.21.51.0048
Whitley: 05.42.23.0066
Cedar Island: 05.42.11.0021
Eagle Stream: 05.44.25.0052
Greenlow/Greenlow-R (Skylake/Kaby Lake): Trunk
Mehlow/Mehlow-R (CoffeeLake-S): Trunk
Tatlow (RKL-S): Trunk
Denverton: 05.10.12.0042
Snow Ridge: Trunk
Grangeville DE: 05.05.15.0038
Grangeville DE NS: 05.27.26.0023
Bakerville: 05.21.51.0026
Idaville: 05.44.27.0030
Whiskey Lake: Trunk
Comet Lake-S: Trunk
Tiger Lake H/UP3: 05.43.12.0052
Alder Lake: 05.44.23.0047
Gemini Lake: Not Affected
Apollo Lake: Not Affected
Elkhart Lake: 05.44.30.0018

AMD
ROME: Trunk
MILAN: 05.36.10.0017
GENOA: 05.52.25.0006
Snowy Owl: Trunk
R1000: 05.32.50.0018
R2000: 05.44.30.0005
V2000: Trunk
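
The kind of pointer check the Vulnerability Details section refers to, shown as an added example that is not Insyde's code or the actual fix: a caller-supplied write target is accepted only if the whole range fits an allowed window, does not wrap, and touches no SMRAM byte. The function name, the SMRAM range and the allowed window are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Half-open physical address range [base, base + size). */
typedef struct { uint64_t base; uint64_t size; } range_t;

/* Constructed sample layout (assumption, not values from the advisory). */
static const range_t SMRAM_RANGES[] = { { 0x7F000000ULL, 0x00800000ULL } };
static const range_t ALLOWED_WINDOW = { 0xFF000000ULL, 0x01000000ULL };

/* Compute the exclusive end of a range; fails on zero length or wraparound. */
static bool range_end(uint64_t base, uint64_t size, uint64_t *end)
{
    if (size == 0 || base > UINT64_MAX - size)
        return false;
    *end = base + size;
    return true;
}

/* True when [a, a_end) and range r share at least one byte. */
static bool overlaps(uint64_t a, uint64_t a_end, const range_t *r)
{
    uint64_t r_end;
    if (!range_end(r->base, r->size, &r_end))
        return true;                /* malformed table entry: fail closed */
    return a < r_end && r->base < a_end;
}

/* Hypothetical helper: validate the full range, not just the start pointer. */
bool write_target_is_valid(uint64_t addr, uint64_t len, const range_t *win)
{
    uint64_t end, win_end;
    if (!range_end(addr, len, &end) ||
        !range_end(win->base, win->size, &win_end))
        return false;
    if (addr < win->base || end > win_end)
        return false;               /* starts or ends outside the window */
    for (size_t i = 0; i < sizeof SMRAM_RANGES / sizeof SMRAM_RANGES[0]; i++)
        if (overlaps(addr, end, &SMRAM_RANGES[i]))
            return false;           /* any overlap with SMRAM is rejected */
    return true;
}

int main(void)
{
    return write_target_is_valid(0xFF000000ULL, 0x1000, &ALLOWED_WINDOW) ? 0 : 1;
}
```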

Revision History:

Revision: 1.0
Date: 11/14/2022
Description: Initial Release
