The FwBlockServiceSmm driver, a key component used in PCs' system firmware, has been found to contain incorrect pointer checks that could allow adversaries to arbitrarily modify system memory and SMRAM. The vulnerability, identified as CVE-2022-29277, lies in the SpiAccessLib instances of the driver. Specifically, these instances can be tricked into writing 0xFF to arbitrary addresses in both system RAM and SMRAM, with unpredictable consequences.

Affected Systems and Fixed Versions

The following systems are affected by the CVE-2022-29277 vulnerability. Their respective fixed versions are as follows:

Eagle Stream:

5. Greenlow/Greenlow-R (Skylake/KabyLake): Trunk
6. Mehlow/Mehlow-R (CoffeeLake-S): Trunk

Snow Ridge: Trunk

10. Grangeville DE:
11. Grangeville DE NS:
12. Bakerville:
13. Idaville:
14. Whiskey Lake: Trunk
15. Comet Lake-S: Trunk
16. Tiger Lake H/UP3:
17. Alder Lake:
18. Gemini Lake: Not Affected
19. Apollo Lake: Not Affected
20. Elkhart Lake:
21. AMD ROME: Trunk
22. MILAN:
23. GENOA:
24. Snowy Owl: Trunk
25. R100:
26. R200:
27. V200: Trunk
28. V300:
29. Ryzen 500:
30. Embedded ROME: Trunk
31. Embedded MILAN: Trunk
32. Hygon Hygon #1/#2:
33. Hygon #3:

Consider a vulnerable function SpiAccessLibWrite in the FwBlockServiceSmm driver:

EFI_STATUS
SpiAccessLibWrite (
  IN UINTN BaseAddress,
  IN UINTN WriteSize
  )
{
  UINTN Index;

  // Vulnerable: BaseAddress and WriteSize are used without any range check
  for (Index = 0; Index < WriteSize; Index++) {
    MmioWrite8 (BaseAddress + Index, 0xFF);
  }

  return EFI_SUCCESS;
}

In this example, an attacker can manipulate the BaseAddress and WriteSize values to target arbitrary memory locations.
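For contrast, the following is an added example (not Insyde's fix and not code from the driver) of a checked version of the same write loop that accepts a range only when it lies entirely inside the flash window. The flash base and size, the simulated flash array, and the function names are assumptions made so the example runs on a host machine.

```c
#include <stdint.h>

/* Constructed flash window for this example; real firmware takes the
   base and size from the platform's flash map. */
#define FLASH_BASE 0xFF000000ULL
#define FLASH_SIZE 0x1000ULL

/* Stand-in for the memory-mapped flash so the example runs on a host. */
static uint8_t sim_flash[FLASH_SIZE];

/* Returns 1 if [base, base + size) lies entirely inside
   [region_base, region_base + region_size). Only subtraction is used, so a
   huge size or a base near the top of the address space cannot wrap the
   way a `base + size <= end` comparison would. */
static int range_within(uint64_t base, uint64_t size,
                        uint64_t region_base, uint64_t region_size)
{
    if (size == 0 || size > region_size)
        return 0;
    if (base < region_base)
        return 0;
    return (base - region_base) <= (region_size - size);
}

/* Checked counterpart of the write loop: 0 on success, -1 if rejected. */
int spi_write_ff_checked(uint64_t base, uint64_t size)
{
    uint64_t i;

    if (!range_within(base, size, FLASH_BASE, FLASH_SIZE))
        return -1;  /* caller-supplied range is not flash: refuse */
    for (i = 0; i < size; i++)
        sim_flash[(base - FLASH_BASE) + i] = 0xFF;
    return 0;
}

/* Reads back one byte; addr must already be a valid flash address. */
uint8_t flash_byte(uint64_t addr) { return sim_flash[addr - FLASH_BASE]; }

int main(void)
{
    /* Constructed inputs: one valid flash range, one address outside flash. */
    int ok  = spi_write_ff_checked(FLASH_BASE + 0x10, 16);
    int bad = spi_write_ff_checked(0x7F000000ULL, 16);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

Because the check is an allow-list of the flash window, any range that touches system RAM or SMRAM is rejected without the handler needing to know where those regions are.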

Original References and Exploit Details

The details about CVE-2022-29277 are available at the Insyde Security Pledge: The findings indicate that the vulnerable drivers could be abused by an attacker to alter the contents of memory to their advantage.

Mitigations and Recommendations

Users running the affected systems are strongly advised to update their firmware to the fixed versions provided by their respective vendors. To prevent unauthorized tampering with the firmware and other vital components, it is crucial to enable hardware-based security features and follow best practices in handling sensitive data. Further, users should be cautious about opening any suspicious emails, attachments or links to avoid falling victim to potential exploits.


Published on: 11/15/2022 22:15:00 UTC
Last modified on: 11/22/2022 19:45:00 UTC