DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022046 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
18 Nov 2022, 16:01
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-367 | |
First Time |
Insyde kernel
Insyde |
|
CPE | cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.4 |
References | (MISC) https://www.insyde.com/security-pledge/SA-2022046 - Vendor Advisory | |
References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory |
15 Nov 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-15 00:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-32267
Mitre link : CVE-2022-32267
CVE.ORG link : CVE-2022-32267
JSON object : View
Products Affected
insyde
- kernel
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition