Headline
CVE-2022-34325: Insyde Security Advisory 2022057 | Insyde Software
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by
Insyde ID
Advisory Category
Impact of Vulnerability
Severity Rating
Original Date
Last Revised
INSYDE-SA-2022057
Software
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8
11/08/2022
11/08/2022
****Summary:****
DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.
****Vulnerability Details****
CVE-2022-34325
DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in:
Kernel 5.2: 05.27.23
Kernel 5.3: 05.36.23
Kernel 5.4: 05.44.23
Kernel 5.5: 05.52.23
****Revision History:****
Revision
Date
Description
1.0
11/08/2022
Initial Release
-
-
-
Return to Insyde’s Security Pledge