CVE-2022-29277

Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.0048 Whitley: 05.42.23.0066 Cedar Island: 05.42.11.0021 Eagle Stream: 05.44.25.0052 Greenlow/Greenlow-R(skylake/kabylake): Trunk Mehlow/Mehlow-R (CoffeeLake-S): Trunk Tatlow (RKL-S): Trunk Denverton: 05.10.12.0042 Snow Ridge: Trunk Graneville DE: 05.05.15.0038 Grangeville DE NS: 05.27.26.0023 Bakerville: 05.21.51.0026 Idaville: 05.44.27.0030 Whiskey Lake: Trunk Comet Lake-S: Trunk Tiger Lake H/UP3: 05.43.12.0052 Alder Lake: 05.44.23.0047 Gemini Lake: Not Affected Apollo Lake: Not Affected Elkhart Lake: 05.44.30.0018 AMD ROME: trunk MILAN: 05.36.10.0017 GENOA: 05.52.25.0006 Snowy Owl: Trunk R1000: 05.32.50.0018 R2000: 05.44.30.0005 V2000: Trunk V3000: 05.44.30.0007 Ryzen 5000: 05.44.30.0004 Embedded ROME: Trunk Embedded MILAN: Trunk Hygon Hygon #1/#2: 05.36.26.0016 Hygon #3: 05.44.26.0007 https://www.insyde.com/security-pledge/SA-2022060

Published: 2022-11-15 Last update: 2025-04-30 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2022-29277 is rated Low Risk (38.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.19%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-29277

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.19% +0.15%
2 2025-12-24 0.12% 0.05% -0.07%
3 2025-11-21 0.12%

Full EPSS history (7 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-29277

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.0 6.0 [email protected]
8.8 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
 2.0 6.0 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2022-29277

Affected software / configurations for CVE-2022-29277

Vendor Product Version Raw CPE
amd genoa_firmware < 05.52.25.0006 cpe:2.3:o:amd:genoa_firmware:*:*:*:*:*:*:*:*
amd hygon_1_firmware < 05.36.26.0016 cpe:2.3:o:amd:hygon_1_firmware:*:*:*:*:*:*:*:*
amd hygon_2_firmware < 05.36.26.0016 cpe:2.3:o:amd:hygon_2_firmware:*:*:*:*:*:*:*:*
amd hygon_3_firmware < 05.44.26.0007 cpe:2.3:o:amd:hygon_3_firmware:*:*:*:*:*:*:*:*
amd milan_firmware < 05.36.10.0017 cpe:2.3:o:amd:milan_firmware:*:*:*:*:*:*:*:*
amd milan_firmware < 05.36.26.0016 cpe:2.3:o:amd:milan_firmware:*:*:*:*:embedded:*:*:*
amd rome_firmware < 05.36.10.0017 cpe:2.3:o:amd:rome_firmware:*:*:*:*:*:*:*:*
amd rome_firmware < 05.36.26.0016 cpe:2.3:o:amd:rome_firmware:*:*:*:*:embedded:*:*:*
amd ryzen_5300g_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5300g_firmware:*:*:*:*:*:*:*:*
amd ryzen_5300ge_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5300ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_5600g_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5600g_firmware:*:*:*:*:*:*:*:*
amd ryzen_5600ge_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5600ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_5600x_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5600x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5700g_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5700g_firmware:*:*:*:*:*:*:*:*
amd ryzen_5700ge_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5700ge_firmware:*:*:*:*:*:*:*:*
amd ryzen_5800x_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5800x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5800x3d_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5800x3d_firmware:*:*:*:*:*:*:*:*
amd ryzen_5900x_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5900x_firmware:*:*:*:*:*:*:*:*
amd ryzen_5950x_firmware < 05.44.30.0004 cpe:2.3:o:amd:ryzen_5950x_firmware:*:*:*:*:*:*:*:*
amd snowy_owl_r1000_firmware < 05.32.50.0018 cpe:2.3:o:amd:snowy_owl_r1000_firmware:*:*:*:*:*:*:*:*
amd snowy_owl_r2000_firmware < 05.44.30.0005 cpe:2.3:o:amd:snowy_owl_r2000_firmware:*:*:*:*:*:*:*:*
amd snowy_owl_v2000_firmware < 05.44.30.0007 cpe:2.3:o:amd:snowy_owl_v2000_firmware:*:*:*:*:*:*:*:*
amd snowy_owl_v3000_firmware < 05.44.30.0007 cpe:2.3:o:amd:snowy_owl_v3000_firmware:*:*:*:*:*:*:*:*
intel alder_lake_firmware < 05.44.23.0047 cpe:2.3:o:intel:alder_lake_firmware:*:*:*:*:*:*:*:*
intel bakerville_firmware < 05.21.51.0026 cpe:2.3:o:intel:bakerville_firmware:*:*:*:*:*:*:*:*
intel cedar_island_firmware < 05.42.11.0021 cpe:2.3:o:intel:cedar_island_firmware:*:*:*:*:*:*:*:*
intel idaville_firmware < 05.43.12.0052 cpe:2.3:o:intel:idaville_firmware:*:*:*:*:*:*:*:*
intel comet_lake-s_firmware < 05.43.12.0052 cpe:2.3:o:intel:comet_lake-s_firmware:*:*:*:*:*:*:*:*
intel tiger_lake_h\/up3_firmware < 05.43.12.0052 cpe:2.3:o:intel:tiger_lake_h\/up3_firmware:*:*:*:*:*:*:*:*
intel whiskey_lake_firmware < 05.43.12.0052 cpe:2.3:o:intel:whiskey_lake_firmware:*:*:*:*:*:*:*:*
intel denverton_firmware < 05.10.12.0042 cpe:2.3:o:intel:denverton_firmware:*:*:*:*:*:*:*:*
intel eagle_stream_firmware < 05.44.25.0052 cpe:2.3:o:intel:eagle_stream_firmware:*:*:*:*:*:*:*:*
intel grangeville_de_ns_firmware < 05.27.26.0023 cpe:2.3:o:intel:grangeville_de_ns_firmware:*:*:*:*:*:*:*:*
intel granville_de_firmware < 05.05.15.0038 cpe:2.3:o:intel:granville_de_firmware:*:*:*:*:*:*:*:*
intel greenlow_firmware < 05.10.12.0042 cpe:2.3:o:intel:greenlow_firmware:*:*:*:*:*:*:*:*
intel greenlow-r_firmware < 05.10.12.0042 cpe:2.3:o:intel:greenlow-r_firmware:*:*:*:*:*:*:*:*
intel mehlow_firmware < 05.10.12.0042 cpe:2.3:o:intel:mehlow_firmware:*:*:*:*:*:*:*:*
intel mehlow-r_firmware < 05.10.12.0042 cpe:2.3:o:intel:mehlow-r_firmware:*:*:*:*:*:*:*:*
intel tatlow_firmware < 05.10.12.0042 cpe:2.3:o:intel:tatlow_firmware:*:*:*:*:*:*:*:*
intel purley-r_firmware < 05.21.51.0048 cpe:2.3:o:intel:purley-r_firmware:*:*:*:*:*:*:*:*
intel whitley_firmware < 05.42.23.0066 cpe:2.3:o:intel:whitley_firmware:*:*:*:*:*:*:*:*

References for CVE-2022-29277

cvelogic Threat Intelligence