CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.

Untrusted input may lead to remote code execution on Intel vPro/hypervisor platforms Untrusted input may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 Kernel 5.1: version 05.17.21 https://www.insyde.com/security-pledge/SA-2042096

Unsafe use of tcp_cork() may lead to information disclosure on Intel vPro/hypervisor platforms Untrusted input may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 https://www.insyde.com/security-pledge/SA-2042096

Untrusted input in kfifo_buf() may lead to information disclosure on Intel vPro/hypervisor platforms Untrusted input in kfifo_buf() may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 https://www.insyde.com/security-pledge/SA-2042096

Unsafe chown() on a user-defined data

Background Information

Unsafe use of tcp_cork() may lead to information disclosure on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09 https://www.insyde.com/security-pledge/SA-2042096

Consequences of the issue

This could lead to information disclosure on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 https://www.insyde.com/security-pledge/SA-2042096

Unsafe chown() on a user-defined data

Potential Impact of the Vulnerability

An attacker could cause a denial of service on the host system.

common pitfalls of chown() untrusted input may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21

Dependency on Insyde Untrusted input in kfifo_buf() may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 https://www.insyde.com/security-pledge/SA-2042096


Untrusted input in kfifo_buf() may lead to remote code execution on Intel vPro/hypervisor platforms Untrusted input in kfifo_buf() may lead to remote code execution on Intel vPro/hypervisor platforms. This issue was discovered by Insyde during security review. It was fixed in: Kernel 5.0: version 05.09.21 https://www.insyde.com/security-pledge/SA-2042096

Timeline

Published on: 11/15/2022 21:15:00 UTC
Last modified on: 11/23/2022 16:20:00 UTC

References