Vulnerability Description
DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022046
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Insyde | Kernel | >= 5.2, < 5.2.05.27.23 |
Related Weaknesses (CWE)
References
- https://www.insyde.com/security-pledgeVendor Advisory
- https://www.insyde.com/security-pledge/SA-2022046Vendor Advisory
- https://www.insyde.com/security-pledgeVendor Advisory
- https://www.insyde.com/security-pledge/SA-2022046Vendor Advisory
FAQ
What is CVE-2022-32267?
CVE-2022-32267 is a vulnerability with a CVSS score of 6.4 (MEDIUM). DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers...
How severe is CVE-2022-32267?
CVE-2022-32267 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-32267?
Check the references section above for vendor advisories and patch information. Affected products include: Insyde Kernel.