Insyde Security Advisory 2023002

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023002 Software CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 8.2 02/14/2023 02/14/2023

Summary:

DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.

Vulnerability Details

CVE-2022-32470

DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering. This issue was fixed in the kernel:

Kernel 5.2: 05.27.27
Kernel 5.3: 05.36.27
Kernel 5.4: 05.44.27
Kernel 5.5: 05.52.27

CWE-367

Revision History:

Revision Date Description
1.0 02/14/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge