CVE-2022-32266

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform.

CVSS v3.0 6.4 MEDIUM

6.4^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.insyde.com/security-pledge/SA-2022045	Vendor Advisory
https://www.insyde.com/security-pledge	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:insyde:kernel::::::::
	cpe:2.3:a:insyde:kernel::::::::
	cpe:2.3:a:insyde:kernel::::::::

Information

Published : 2022-11-14 14:15

Updated : 2022-11-18 08:02

NVD link : CVE-2022-32266

Mitre link : CVE-2022-32266

JSON object : View

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

Advertisement

Products Affected

insyde

kernel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.insyde.com/security-pledge/SA-2022045", "name": "https://www.insyde.com/security-pledge/SA-2022045", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://www.insyde.com/security-pledge", "name": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform. This issue was discovered by Insyde engineering during a security review. This issue is fixed in Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. Kernel 5.2 is unaffected. CWE-787 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the parameter buffer that is used by a software SMI handler (used by the PcdSmmDxe driver) could lead to a TOCTOU race-condition attack on the SMI handler, and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database contents on the current platform."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-367"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-32266", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.5}}, "publishedDate": "2022-11-14T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.5.05.52.23", "versionStartIncluding": "5.5"}, {"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.4.05.44.23", "versionStartIncluding": "5.4"}, {"cpe23Uri": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.3.05.36.23", "versionStartIncluding": "5.3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-18T16:02Z"}