CVE & CISA-KEV Catalog

CVE-2022-29277

HIGH
8.8
CVSS v3
NVD

Description

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

How to fix

Remediation Available
alder lake firmwareNVD
Affected:< 05.44.23.0047Fixed in:05.44.23.0047CVE-2022-29277derived from NVD
bakerville firmwareNVD
Affected:< 05.21.51.0026Fixed in:05.21.51.0026CVE-2022-29277derived from NVD
cedar island firmwareNVD
Affected:< 05.42.11.0021Fixed in:05.42.11.0021CVE-2022-29277derived from NVD
comet lake-s firmwareNVD
Affected:< 05.43.12.0052Fixed in:05.43.12.0052CVE-2022-29277derived from NVD
denverton firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
eagle stream firmwareNVD
Affected:< 05.44.25.0052Fixed in:05.44.25.0052CVE-2022-29277derived from NVD
genoa firmwareNVD
Affected:< 05.52.25.0006Fixed in:05.52.25.0006CVE-2022-29277derived from NVD
grangeville de ns firmwareNVD
Affected:< 05.27.26.0023Fixed in:05.27.26.0023CVE-2022-29277derived from NVD
granville de firmwareNVD
Affected:< 05.05.15.0038Fixed in:05.05.15.0038CVE-2022-29277derived from NVD
greenlow-r firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
greenlow firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
hygon 1 firmwareNVD
Affected:< 05.36.26.0016Fixed in:05.36.26.0016CVE-2022-29277derived from NVD
hygon 2 firmwareNVD
Affected:< 05.36.26.0016Fixed in:05.36.26.0016CVE-2022-29277derived from NVD
hygon 3 firmwareNVD
Affected:< 05.44.26.0007Fixed in:05.44.26.0007CVE-2022-29277derived from NVD
idaville firmwareNVD
Affected:< 05.43.12.0052Fixed in:05.43.12.0052CVE-2022-29277derived from NVD
mehlow-r firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
mehlow firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
milan firmwareNVD
Affected:< 05.36.26.0016Fixed in:05.36.26.0016CVE-2022-29277derived from NVD
Affected:< 05.36.10.0017Fixed in:05.36.10.0017CVE-2022-29277derived from NVD
purley-r firmwareNVD
Affected:< 05.21.51.0048Fixed in:05.21.51.0048CVE-2022-29277derived from NVD
rome firmwareNVD
Affected:< 05.36.10.0017Fixed in:05.36.10.0017CVE-2022-29277derived from NVD
Affected:< 05.36.26.0016Fixed in:05.36.26.0016CVE-2022-29277derived from NVD
ryzen 5300g firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5300ge firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5600g firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5600ge firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5600x firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5700g firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5700ge firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5800x3d firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5800x firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5900x firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
ryzen 5950x firmwareNVD
Affected:< 05.44.30.0004Fixed in:05.44.30.0004CVE-2022-29277derived from NVD
snowy owl r1000 firmwareNVD
Affected:< 05.32.50.0018Fixed in:05.32.50.0018CVE-2022-29277derived from NVD
snowy owl r2000 firmwareNVD
Affected:< 05.44.30.0005Fixed in:05.44.30.0005CVE-2022-29277derived from NVD
snowy owl v2000 firmwareNVD
Affected:< 05.44.30.0007Fixed in:05.44.30.0007CVE-2022-29277derived from NVD
snowy owl v3000 firmwareNVD
Affected:< 05.44.30.0007Fixed in:05.44.30.0007CVE-2022-29277derived from NVD
tatlow firmwareNVD
Affected:< 05.10.12.0042Fixed in:05.10.12.0042CVE-2022-29277derived from NVD
tiger lake h\/up3 firmwareNVD
Affected:< 05.43.12.0052Fixed in:05.43.12.0052CVE-2022-29277derived from NVD
whiskey lake firmwareNVD
Affected:< 05.43.12.0052Fixed in:05.43.12.0052CVE-2022-29277derived from NVD
whitley firmwareNVD
Affected:< 05.42.23.0066Fixed in:05.42.23.0066CVE-2022-29277derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploit Intelligence

0.19%probability of exploitation in 30 days
9thpercentile

Low risk: more likely to be exploited than 9% of all known CVEs.

References

Vendor Advisory2

Related Vulnerabilities

Other CWE-787 (Out-of-bounds Write) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2025-22457Critical9.0100%KEV + RansomFix
CVE-2025-0282Critical9.0100%KEV + Ransom-
CVE-2015-3113Critical9.8100%KEVFix
CVE-2021-20038Critical9.8100%KEV + Ransom-
CVE-2023-4863High8.8100%KEVFix
CVE-2020-16040Medium6.5100%-Fix
Embed a live status badge for CVE-2022-29277
CVE-2022-29277 severity badge

Markdown

[![CVE-2022-29277](https://tridentstack.com/cve/badge/CVE-2022-29277.svg)](https://tridentstack.com/cve/CVE-2022-29277)

HTML

<a href="https://tridentstack.com/cve/CVE-2022-29277"><img src="https://tridentstack.com/cve/badge/CVE-2022-29277.svg" alt="CVE-2022-29277"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-04-30.