4 matches found
CVE-2022-32469
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32469)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...
CVE-2022-32469
CVE-2022-32469 affects Insyde InsydeH2O BIOS (kernel 5.0–5.5). It describes a TOCTOU race condition in the PnpSmm shared buffer used by SMM and non-SMM code, which could enable SMRAM corruption and privilege escalation. The advisory notes mitigations: (1) enable IOMMU protection for the ACPI runt...
CVE-2022-32469
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...