CVE-2022-32267
CVE-2022-32267 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23. https://www.insyde.com/security-pledge/SA-2022046
Metrics
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Kernel | >= 5.2, < 5.2.05.27.23 |
| Insyde | Kernel | >= 5.3, < 5.3.05.36.23 |
| Insyde | Kernel | >= 5.4, < 5.4.05.44.23 |
| Insyde | Kernel | >= 5.5, < 5.5.05.52.23 |
References
- https://www.insyde.com/security-pledge (Vendor Advisory)
- https://www.insyde.com/security-pledge/SA-2022046 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
