CVE-2022-31243: Insyde Security Advisory 2022044 | Insyde Software
https://www.insyde.com/security-pledge/SA-2022044
| Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
| --- | --- | --- | --- | --- | --- |
| INSYDE-SA-2022044 | Software | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | 7.5 | 11/08/2022 | 11/08/2022 |
**Summary:**
DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack).
**Vulnerability Details**
CVE-2022-31243
DMA transactions which are targeted at input buffers used for the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in:
Kernel 5.2: 05.27.21
Kernel 5.3: 05.36.21
Kernel 5.4: 05.44.21
Kernel 5.5: 05.52.21
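
The check-then-use race described above, shown as an added example that is not Insyde's code and not the actual fix: a simulated handler validates a size field in a shared input buffer and then reads it again, next to a version that snapshots the request into handler-private memory first. The request layout, buffer sizes, and the hook that stands in for a DMA write are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16   /* bytes the handler is allowed to fill */
#define SMRAM_LEN 80   /* simulated SMRAM: buffer plus adjacent state */
/* Hypothetical request layout, NOT the real FvbServicesRuntimeDxe interface. */
typedef struct { uint32_t size; uint8_t data[64]; } comm_req_t;
typedef void (*race_hook_t)(volatile comm_req_t *);
/* Constructed stand-in for a DMA write landing between check and use. */
static void dma_rewrite_size(volatile comm_req_t *req) { req->size = 64; }

/* Double fetch: size is validated, then read again from shared memory. */
int handler_double_fetch(uint8_t *smram, volatile comm_req_t *req, race_hook_t race) {
    if (req->size > BUF_LEN) return -1;          /* time of check */
    if (race) race(req);
    for (uint32_t i = 0; i < req->size; i++)     /* time of use: size re-fetched */
        smram[i] = req->data[i];
    return 0;
}

/* Hardened: snapshot the request into handler-private memory, then validate
   and use only the snapshot. Later writes to the shared buffer are ignored. */
int handler_snapshot(uint8_t *smram, volatile comm_req_t *req, race_hook_t race) {
    comm_req_t local;
    for (size_t i = 0; i < sizeof local; i++)
        ((uint8_t *)&local)[i] = ((volatile uint8_t *)req)[i];
    if (race) race(req);
    if (local.size > BUF_LEN) return -1;
    memcpy(smram, local.data, local.size);
    return 0;
}

/* Returns the number of simulated SMRAM bytes modified outside the buffer. */
int bytes_corrupted(int hardened) {
    uint8_t smram[SMRAM_LEN];
    comm_req_t req = { .size = 8 };              /* constructed sample request */
    memset(smram, 0xAA, sizeof smram);
    memset(req.data, 0x41, sizeof req.data);
    (hardened ? handler_snapshot : handler_double_fetch)(smram, &req, dma_rewrite_size);
    int n = 0;
    for (int i = BUF_LEN; i < SMRAM_LEN; i++) n += (smram[i] != 0xAA);
    return n;
}

int main(void) {
    printf("double fetch: %d, snapshot: %d\n", bytes_corrupted(0), bytes_corrupted(1));
    return 0;
}
```
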
**Revision History:**

| Revision | Date | Description |
| --- | --- | --- |
| 1.0 | 11/08/2022 | Initial Release |