CVE-2022-32955
Last modified
CVE-2022-32955 is a high-severity vulnerability rated 7/10 on the CVSS scale. An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. EPSS estimates a 0.13% chance of exploitation in the next 30 days.
Description
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the NvmExpressDxe buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated by using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the link data to SMRAM before checking it and verifying that all pointers are within the buffer.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Insydeh2o | >= 5.0, < 5.2.05.27.27 |
| Insyde | Insydeh2o | >= 5.3, < 5.3.05.36.27 |
| Insyde | Insydeh2o | >= 5.4, < 5.4.05.44.27 |
| Insyde | Insydeh2o | >= 5.5, < 5.5.05.52.27 |
References
- https://www.insyde.com/security-pledgeVendor Advisory
- https://www.insyde.com/security-pledge/SA-2023015Vendor Advisory
- https://www.insyde.com/security-pledgeVendor Advisory
- https://www.insyde.com/security-pledge/SA-2023015Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-32955?
How severe is CVE-2022-32955?
How do I fix CVE-2022-32955?
Are you affected by CVE-2022-32955?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST