INSYDE-SA-2022057

Product: InsydeH2O
CVSS Score: 7.8
Original Date: 2022-11-08
Last Revised:

Summary

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2022-34325

DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by Intel’s iSTARE group. Fixed in:

Solution Information

Kernel 5.2: 05.27.23
Kernel 5.3: 05.36.23
Kernel 5.4: 05.44.23
Kernel 5.5: 05.52.23
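
The TOCTOU pattern described under Vulnerability Details, as an added example that is not Insyde's code or its actual fix: a handler that reads a length from a DMA-reachable input buffer twice, beside a variant that snapshots the buffer into SMM-owned memory and validates only the snapshot. The buffer layout, sizes, function names and the `dma_raise_length` hook (standing in for a device write between the two reads) are all hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define SMM_BUF_SIZE 16u   /* bytes the handler owns inside SMRAM */
#define SMRAM_SIZE   64u   /* constructed SMRAM model; the rest is other SMM state */

/* Hypothetical layout of an input buffer in normal (DMA-reachable) memory. */
typedef struct {
    uint32_t length;
    uint8_t  payload[SMRAM_SIZE];
} comm_buffer_t;

/* Stands in for a DMA write that lands between two CPU reads. */
typedef void (*dma_hook_t)(volatile comm_buffer_t *comm);

static uint8_t smram[SMRAM_SIZE];

/* Vulnerable: length is checked, then fetched again from outside memory. */
int handler_double_fetch(volatile comm_buffer_t *comm, dma_hook_t dma)
{
    if (comm->length > SMM_BUF_SIZE)            /* time of check */
        return -1;
    if (dma) dma(comm);                         /* device rewrites length */
    memcpy(smram, (const void *)comm->payload, comm->length);  /* time of use */
    return 0;
}

/* Hardened: one fetch into SMM-owned memory, then validate the snapshot only. */
int handler_snapshot(volatile comm_buffer_t *comm, dma_hook_t dma)
{
    comm_buffer_t local;
    memcpy(&local, (const void *)comm, sizeof local);  /* single fetch */
    if (dma) dma(comm);                         /* later writes cannot reach local */
    if (local.length > SMM_BUF_SIZE)
        return -1;
    memcpy(smram, local.payload, local.length);
    return 0;
}

/* Constructed sample: the "device" raises length after the check has passed. */
void dma_raise_length(volatile comm_buffer_t *comm) { comm->length = SMRAM_SIZE; }
/* Counts bytes beyond the handler's own region that no longer hold `fill`. */
unsigned smram_bytes_corrupted(uint8_t fill)
{
    unsigned n = 0;
    for (unsigned i = SMM_BUF_SIZE; i < SMRAM_SIZE; i++)
        if (smram[i] != fill) n++;
    return n;
}
```

With the hook firing, the double-fetch handler passes its check and then overwrites every modelled byte past its own 16-byte region, while the snapshot handler copies only the validated 16 bytes and rejects a buffer whose length was already out of range when it was captured.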

Acknowledgements

Revision History

Revision #: 1
Date: 2022-11-08
Description: Initial Release