Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2022044

Product: InsydeH2O
CVSS Score: 7.5
Original Date: 2022-11-08
Last Revised:

Summary

DMA transactions that target the input buffers of the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption (a TOCTOU attack).

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-31243

DMA transactions that target the input buffers of the software SMI handler used by the FvbServicesRuntimeDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group.
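The bug class named above, as an added example: this is a generic user-space model, not Insyde's code and not from the advisory. It contrasts a handler that re-reads a size field from a DMA-reachable input buffer after validating it with one that snapshots the input first. The structure layout, function names, sizes and the hook that stands in for a DMA write are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STAGING_SIZE 16   /* bytes of modeled SMRAM the handler may fill */
#define SMRAM_SIZE   32   /* staging area plus adjacent protected state  */

/* Hypothetical input buffer in OS-visible, DMA-reachable memory. */
typedef struct { volatile uint32_t size; uint8_t data[SMRAM_SIZE]; } comm_buf_t;
typedef void (*dma_hook_t)(comm_buf_t *);  /* models a device write mid-handler */

/* The modeled device rewrites the size field after it has been validated. */
void dma_grow_size(comm_buf_t *b) { b->size = SMRAM_SIZE; }

/* Vulnerable pattern: validate the shared field, then fetch it again to use it. */
int handler_double_fetch(uint8_t *smram, comm_buf_t *b, dma_hook_t dma) {
    if (b->size > STAGING_SIZE) return -1;   /* check: first fetch        */
    if (dma) dma(b);                         /* DMA lands in the window   */
    memcpy(smram, b->data, b->size);         /* use: second fetch         */
    return 0;
}

/* Hardened pattern: fetch once, validate and use only handler-private copies. */
int handler_snapshot(uint8_t *smram, comm_buf_t *b, dma_hook_t dma) {
    uint8_t local[STAGING_SIZE];
    uint32_t size = b->size;                 /* single fetch              */
    if (size > STAGING_SIZE) return -1;
    if (dma) dma(b);                         /* same window, no effect    */
    memcpy(local, b->data, size);            /* copy out of shared memory */
    memcpy(smram, local, size);
    return 0;
}

/* Returns 1 if bytes beyond the staging area were overwritten, else 0. */
int run_case(int (*h)(uint8_t *, comm_buf_t *, dma_hook_t)) {
    uint8_t smram[SMRAM_SIZE];
    comm_buf_t b;
    memset(smram, 0xAA, sizeof smram);       /* 0xAA marks protected state */
    memset(b.data, 0x41, sizeof b.data);     /* constructed input          */
    b.size = 8;
    h(smram, &b, dma_grow_size);
    for (int i = STAGING_SIZE; i < SMRAM_SIZE; i++)
        if (smram[i] != 0xAA) return 1;
    return 0;
}

int main(void) {
    printf("double fetch corrupted=%d, snapshot corrupted=%d\n",
           run_case(handler_double_fetch), run_case(handler_snapshot));
    return 0;
}
```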

Solution Information

Kernel 5.2: 05.27.21
Kernel 5.3: 05.36.21
Kernel 5.4: 05.44.21
Kernel 5.5: 05.52.21

Acknowledgements

Revision History

Revision #: 1
Date: 2022-11-08
Description: Initial Release