Lucene search

[email protected]NVD:CVE-2022-32955

HistoryFeb 15, 2023 - 2:15 a.m.

CVE-2022-32955

2023-02-1502:15:09

CWE-367

[email protected]

web.nvd.nist.gov

insyde insydeh2o kernel

dma attack

toctou race-condition

smram corruption

escalation of privileges

iommu protection

acpi runtime memory

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.2%

JSON

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer.

Affected configurations

Nvd

Node

insydeinsydeh2oRange5.0–5.2.05.27.27

insydeinsydeh2oRange5.3–5.3.05.36.27

insydeinsydeh2oRange5.4–5.4.05.44.27

insydeinsydeh2oRange5.5–5.5.05.52.27

VendorProductVersionCPE
insydeinsydeh2o*cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
insyde	insydeh2o	*	cpe:2.3:a:insyde:insydeh2o::::::::

References

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2023015

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.2%

JSON

Related for NVD:CVE-2022-32955

nessus1 cvelist1 prion1 cve1