Insyde Security Advisory 2023008

Insyde ID: INSYDE-SA-2023008
Advisory Category: Software
Impact of Vulnerability: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity Rating: 7.5
Original Date: 02/14/2023
Last Revised: 02/14/2023

Summary:

DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause time-of-check to time-of-use (TOCTOU) issues, which could lead to corruption of SMRAM and escalation of privileges.

Vulnerability Details

CVE-2022-32476

DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues, which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering. It was fixed in the following kernel versions:

Kernel 5.0: 05.09.38
Kernel 5.1: 05.17.42
Kernel 5.2: 05.27.38
Kernel 5.3: 05.36.38
Kernel 5.4: 05.44.38
Kernel 5.5: 05.52.38

CWE-367
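
The advisory does not publish the affected code. As an added illustration of the CWE-367 pattern it names (not Insyde's code), the C model below puts a handler that checks a length field in a shared buffer and then reads it again next to one that copies the request into private memory before validating it. The struct layout, the function names and the `dma_grow_length` hook standing in for a device write are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   64u   /* bytes the handler intends to fill */
#define SMRAM_LEN 256u  /* model: that buffer plus adjacent SMRAM state */

/* Hypothetical request layout in memory shared by SMM and non-SMM code. */
typedef struct { uint32_t length; uint8_t data[SMRAM_LEN]; } shared_req_t;

/* Stands in for a DMA write landing between two reads of the shared buffer. */
typedef void (*dma_write_t)(shared_req_t *);
static void dma_grow_length(shared_req_t *r) { r->length = SMRAM_LEN; }

/* TOCTOU: length is checked, then fetched again from shared memory. */
static int handle_double_fetch(shared_req_t *req, uint8_t *smram, dma_write_t dma)
{
    if (req->length > BUF_LEN) return -1;   /* time of check */
    if (dma) dma(req);                      /* field changes underneath us */
    memcpy(smram, req->data, req->length);  /* time of use: second fetch */
    return 0;
}

/* Hardened: one fetch into private memory, then validate only the copy. */
static int handle_snapshot(shared_req_t *req, uint8_t *smram, dma_write_t dma)
{
    shared_req_t local;
    memcpy(&local, req, sizeof local);      /* snapshot */
    if (dma) dma(req);                      /* later writes no longer matter */
    if (local.length > BUF_LEN) return -1;
    memcpy(smram, local.data, local.length);
    return 0;
}

/* Runs a handler on a constructed request; returns bytes written past BUF_LEN. */
static size_t bytes_past_buffer(int (*h)(shared_req_t *, uint8_t *, dma_write_t))
{
    shared_req_t req;
    uint8_t smram[SMRAM_LEN];
    size_t i, over = 0;
    req.length = 16;                        /* passes the bounds check */
    memset(req.data, 0xAA, sizeof req.data);
    memset(smram, 0, sizeof smram);
    h(&req, smram, dma_grow_length);
    for (i = BUF_LEN; i < SMRAM_LEN; i++) over += (smram[i] != 0);
    return over;
}

int main(void)
{
    printf("double fetch: %zu\n", bytes_past_buffer(handle_double_fetch));
    printf("snapshot:     %zu\n", bytes_past_buffer(handle_snapshot));
    return 0;
}
```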

Revision History:

Revision: 1.0
Date: 02/14/2023
Description: Initial Release
