Insyde Security Advisory 2023010

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023010 Software CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H 7.5 02/14/2023 02/14/2023

Summary:

DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.

Vulnerability Details

CVE-2022-32478

DMA attacks on the IdeBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering. This issue was fixed in the kernel versions below:

Kernel 5.0: 05.09.42
Kernel 5.1: 05.17.42
Kernel 5.2: 05.27.38
Kernel 5.3: 05.36.38
Kernel 5.4: 05.44.38
Kernel 5.5: Not affected

CWE-367

Revision History:

Revision Date Description
1.0 02/14/2023 Initial Release
-- -- --

Return to Insyde's Security Pledge