insyde kernel 对因果或异常条件的不恰当检查

CVE编号

CVE-2022-29278

利用情况

暂无

补丁情况

N/A

披露时间

2022-11-16
漏洞描述
Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory. This issue was discovered by Insyde during security review. Fixed in: Kernel 5.1: Version 05.17.23 Kernel 5.2: Version 05.27.23 Kernel 5.3: Version 05.36.23 Kernel 5.4: Version 05.44.23 Kernel 5.5: Version 05.52.23 https://www.insyde.com/security-pledge/SA-2022061
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022061
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 insyde kernel * From
(including)
5.1 		Up to
(excluding)
5.1.05.17.23
运行在以下环境
系统 insyde kernel * From
(including)
5.2 		Up to
(excluding)
5.2.05.27.23
运行在以下环境
系统 insyde kernel * From
(including)
5.3 		Up to
(excluding)
5.3.05.36.23
运行在以下环境
系统 insyde kernel * From
(including)
5.4 		Up to
(excluding)
5.4.05.44.23
运行在以下环境
系统 insyde kernel * From
(including)
5.5 		Up to
(excluding)
5.5.05.52.23
CVSS3评分
8.2
  • 攻击路径
    本地
  • 攻击复杂度
  • 权限要求
  • 影响范围
    已更改
  • 用户交互
  • 可用性
  • 保密性
  • 完整性
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE-ID 漏洞类型
CWE-754 对因果或异常条件的不恰当检查
阿里云安全产品覆盖情况