Headline
CVE-2022-33905: Insyde Security Advisory 2022047 | Insyde Software
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047
Insyde ID
Advisory Category
Impact of Vulnerability
Severity Rating
Original Date
Last Revised
INSYDE-SA-2022047
Software
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8
11/08/2022
11/08/2022
****Summary:****
DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack).
****Vulnerability Details****
CVE-2022-33905
DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group, Fixed in:
Kernel 5.2: 05.27.23
Kernel 5.3: 05.36.23
Kernel 5.4: 05.44.23
Kernel 5.5: 05.52.23
****Revision History:****
Revision
Date
Description
1.0
11/08/2022
Initial Release
-
-
-
Return to Insyde’s Security Pledge