Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2022056
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7.4
2022-11-08
Summary
DMA attacks on the parameter buffer used by the VariableRuntimeDxe software SMI handler could lead to a TOCTOU attack.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
DMA attacks on the parameter buffer used by the software SMI handler used by the driver VariableRuntimeDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of SMRAM. This issue was discovered by Insyde engineering during a security review. This issue is fixed in:
Solution Information
Kernel 5.4: 05.44.23
Kernel 5.5: 05.52.23
Acknowledgements
Revision History
Revision #
Date
Description
1
2022-11-08
Initial Release