CVE-2022-29275

moderate-risk

Published 2022-11-15

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering leading to escalation of privileges. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 Kernel 5.2: version 05.27.21 Kernel 5.3: version 05.36.21 Kernel 5.4: version 05.44.21 Kernel 5.5: version 05.52.21 https://www.insyde.com/security-pledge/SA-2022058

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

LOCAL / LOW complexity

Affected Products (1)

Kernel

Affected Vendors

Insyde

References (4)

Vendor Advisory https://www.insyde.com/security-pledge

Vendor Advisory https://www.insyde.com/security-pledge/SA-2022058

Vendor Advisory https://www.insyde.com/security-pledge

Vendor Advisory https://www.insyde.com/security-pledge/SA-2022058

/ 100

moderate-risk

Severity 25/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal