AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-29277: Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of

highvulnerability

security

Source: NVD/CVE DatabaseNovember 15, 2022CVE-2022-29277

Summary

A bug in the FwBlockServiceSmm driver (firmware code that manages memory access on Intel and AMD processors) had incorrect pointer checks, allowing attackers to write data to arbitrary RAM addresses including SMRAM (a protected memory region). This could lead to serious system compromise by allowing unauthorized memory modifications.

Solution / Mitigation

Update the FwBlockServiceSmm driver to patched versions specific to your processor model. For example: Intel Purley-R to version 05.21.51.0048, Intel Whitley to 05.42.23.0066, AMD MILAN to 05.36.10.0017, AMD Ryzen 5000 to 05.44.30.0004, and Hygon processors to 05.36.26.0016 or 05.44.26.0007 depending on model. Some processor lines (marked as 'Trunk' or 'Not Affected') do not require updates. See https://www.insyde.com/security-pledge/SA-2022060 for the complete list of affected models and their specific patch versions.

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-787 CWE-787

CAPEC (Attack Pattern)

CAPEC-100

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-29277

First tracked: February 15, 2026 at 08:51 PM

Classified by LLM (prompt v3) · confidence: 95%