INSYDE-SA-2023003

Product: InsydeH2O
CVSS Score: 8.2
Original Date: 2023-02-14
Last Revised:

Summary

DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges.

Vulnerability Details

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2022-32471

DMA attacks on the IHISI command buffer could cause TOCTOU issues which could lead to corruption of SMRAM and escalation of privileges. This issue was discovered by Insyde engineering. This issue was fixed in the kernel versions below; the fix also protects chipset and OEM chipset IHISI functions:

Solution Information

Kernel 5.2: 05.27.37
Kernel 5.3: 05.36.37
Kernel 5.4: 05.44.45
Kernel 5.5: 05.52.45

CWE-367
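
The check-then-use pattern behind a TOCTOU issue of this class (CWE-367), next to the usual single-snapshot hardening, as an added example that is not Insyde's code or fix. The buffer layout, the sizes and all function names are hypothetical, and the concurrent DMA write is simulated by a constructed change applied right after the first read of the shared buffer.

```c
#include <stdint.h>
#include <string.h>

#define SMRAM_BUF_SIZE 16u   /* capacity of the handler-private destination */

/* Hypothetical command buffer layout (not the IHISI format). */
typedef struct {
    uint32_t size;           /* caller-supplied payload length */
    uint8_t  data[64];
} cmd_buf_t;

static cmd_buf_t shared;     /* memory a DMA-capable device can still write */
static unsigned  reads;

/* Constructed input: a request that passes validation when first read. */
void reset_shared(void) {
    memset(&shared, 0xAA, sizeof shared);
    shared.size = 8;
    reads = 0;
}

/* Every access to shared memory goes through here. The constructed "DMA write"
   lands right after the first access, i.e. after a check has seen size = 8. */
static void shared_read(cmd_buf_t *out) {
    *out = shared;
    if (++reads == 1) shared.size = sizeof shared.data;
}

/* Flawed: checks one fetch, uses another. Returns the length it would copy
   into the 16-byte private buffer (the copy itself is omitted here). */
uint32_t handler_double_fetch(void) {
    cmd_buf_t tmp;
    shared_read(&tmp);
    if (tmp.size > SMRAM_BUF_SIZE) return 0;   /* time of check */
    shared_read(&tmp);                         /* time of use: fetched again */
    return tmp.size;
}

/* Hardened: snapshot once into private storage, then check and use only the snapshot. */
uint32_t handler_snapshot(uint8_t dst[SMRAM_BUF_SIZE]) {
    cmd_buf_t snap;
    shared_read(&snap);                        /* the only fetch */
    if (snap.size > SMRAM_BUF_SIZE) return 0;
    memcpy(dst, snap.data, snap.size);
    return snap.size;
}
```

With the same constructed input, the double-fetch handler ends up with a length of 64 for a 16-byte destination, while the snapshot handler copies the 8 bytes it validated.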

Acknowledgements

Revision History

Revision #: 1
Date: 2023-02-14
Description: Initial Release