3 matches found
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32473)
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non- SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMM...
CVE-2022-32473
CVE-2022-32473 affects InsydeH2O firmware (kernel 5.0–5.5). The issue is a TOCTOU race condition in a DMA path where the HddPassword shared buffer is accessed by SMM and non-SMM code, risking SMRAM corruption and privilege escalation. The underlying vulnerability arises from timing when the firmw...
CVE-2022-32473
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the HddPassword shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU...