PT-2022-20307 · Insyde · Ihisismm Driver
Published: 2022-11-14 · Updated: 2025-04-30 · CVE-2022-30773
CVSS v3.1: 6.4 (Medium)
Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
IhisiSmm driver versions prior to Kernel 5.4: 05.44.23
IhisiSmm driver versions prior to Kernel 5.5: 05.52.23
Description
The issue allows DMA attacks on the parameter buffer used by the IhisiSmm driver to change the contents after parameter values have been checked but before they are used, which is a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This was discovered by Insyde engineering.
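The check-then-use window described above, shown as an added C example; it is not Insyde's code or its fix. The structure, handler names and the `late_write` hook are hypothetical, and the hook is a deterministic stand-in for a DMA write so the effect can be reproduced. The hardened handler shows the general mitigation for this class of bug: snapshot the parameters into handler-private memory once, then validate and use only that copy.

```c
#include <stdint.h>
#include <stddef.h>

#define DEST_MAX 16u   /* constructed limit the handler must enforce */

/* Hypothetical parameter block in memory that a DMA-capable device can write. */
typedef struct { uint32_t size; uint8_t data[64]; } param_buf_t;

/* Test hook standing in for a DMA write that lands between check and use. */
typedef void (*dma_hook_t)(volatile param_buf_t *shared);

/* Vulnerable shape: size is checked, then fetched again from shared memory.
 * Returns the length the handler would go on to use. */
uint32_t handler_double_fetch(volatile param_buf_t *shared, dma_hook_t hook)
{
    if (shared->size > DEST_MAX)          /* time of check */
        return 0;
    if (hook) hook(shared);               /* window in which contents can change */
    return shared->size;                  /* time of use: second, unchecked fetch */
}

/* Hardened shape: copy once into private memory, then check and use only
 * the private copy. Returns bytes written to out (0 if rejected). */
uint32_t handler_snapshot(volatile param_buf_t *shared, dma_hook_t hook,
                          uint8_t out[DEST_MAX])
{
    param_buf_t local;
    local.size = shared->size;                        /* single fetch */
    for (size_t i = 0; i < sizeof local.data; i++)
        local.data[i] = shared->data[i];
    if (local.size > DEST_MAX)                        /* check the copy */
        return 0;
    if (hook) hook(shared);                           /* late writes are ignored */
    for (uint32_t i = 0; i < local.size; i++)         /* use the copy */
        out[i] = local.data[i];
    return local.size;
}

/* Constructed late write for the demo: enlarge size after validation. */
void late_write(volatile param_buf_t *shared) { shared->size = 48; shared->data[0] = 0xFF; }

/* Runs one handler against a fresh, valid-looking buffer; returns length used. */
uint32_t demo(int hardened, uint8_t out[DEST_MAX])
{
    param_buf_t shared = { .size = 8, .data = { 0xAA } };
    return hardened ? handler_snapshot(&shared, late_write, out)
                    : handler_double_fetch(&shared, late_write);
}
```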
Recommendations
For versions prior to Kernel 5.4: 05.44.23, update to Kernel 5.4: 05.44.23 or later.
For versions prior to Kernel 5.5: 05.52.23, update to Kernel 5.5: 05.52.23 or later.
Fix
Time Of Check To Time Of Use
Affected Products
Ihisismm Driver