Lucene search

MitreCVE-2022-33982

HistoryNov 14, 2022 - 11:15 p.m.

CVE-2022-33982

2022-11-1423:15:11

CWE-367

mitre

web.nvd.nist.gov

cve-2022-33982

dma attacks

int15servicesmm

smi handler

toctou attack

smram

cwe-367

nvd

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

DMA attacks on the parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. DMA attacks on the parameter buffer used by the software SMI handler used by the driver Int15ServiceSmm could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23 CWE-367

Affected configurations

Nvd

Node

insydekernelRange5.2–5.2.05.27.23

insydekernelRange5.3–5.3.05.36.23

insydekernelRange5.4–5.4.05.44.23

insydekernelRange5.5–5.5.05.52.23

VendorProductVersionCPE
insydekernel*cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	kernel	*	cpe:2.3:a:insyde:kernel::::::::

References

cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022052

Social References

CVSS3

6.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.4

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2022-33982