CVE-2022-29264

NameCVE-2022-29264
DescriptionAn issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
coreboot (PTS)bookworm4.15~dfsg-3vulnerable
sid, trixie24.08+dfsg-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
corebootsource(unstable)(unfixed)unimportant

Notes

https://review.coreboot.org/c/coreboot/+/63478
Introduced by: https://github.com/coreboot/coreboot/commit/afb7a814783cda12f5b72167163b9109ee1d15a7 (4.13)
Fixed by: https://github.com/coreboot/coreboot/commit/d7c371619a287a3a74e23fc3fcff4793a12deba6 (4.17)
src:coreutils builds only the utilities

Search for package or bug name: Reporting problems