3 matches found
CVE-2022-32955
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32955
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU...
CVE-2022-32955
The CVE-2022-32955 issue affects Insyde InsydeH2O BIOS (kernel 5.0–5.5) where DMA attacks on the NvmExpressDxe buffer used by SMM/non-SMM code cause TOCTOU race conditions. This can lead to SMRAM corruption and privilege escalation. The documented mitigations are: use IOMMU protection for the ACP...