PT-2022-20634 · Insyde · Fvbservicesruntimedxe

Published: 2022-11-14 · Updated: 2025-04-30 · CVE-2022-31243

CVSS v3.1: 6.4 (Medium)

Vector: AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FvbServicesRuntimeDxe driver versions prior to Kernel 5.2: 05.27.21
FvbServicesRuntimeDxe driver versions prior to Kernel 5.3: 05.36.21
FvbServicesRuntimeDxe driver versions prior to Kernel 5.4: 05.44.21
FvbServicesRuntimeDxe driver versions prior to Kernel 5.5: 05.52.21

Description

DMA transactions targeted at input buffers used for the software SMI handler in the FvbServicesRuntimeDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group.

Recommendations

For versions prior to Kernel 5.2: 05.27.21, update to Kernel 5.2: 05.27.21 or later.
For versions prior to Kernel 5.3: 05.36.21, update to Kernel 5.3: 05.36.21 or later.
For versions prior to Kernel 5.4: 05.44.21, update to Kernel 5.4: 05.44.21 or later.
For versions prior to Kernel 5.5: 05.52.21, update to Kernel 5.5: 05.52.21 or later.
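
The TOCTOU class named in the description, shown as a generic added example that is not Insyde's code or part of the original advisory: a handler that validates a field in a DMA-reachable buffer and then reads it again, beside a version that works from a single SMRAM-local snapshot. The request layout, `VAR_MAX`, the `smram` array and the `dma_window` hook are constructed stand-ins, not details of FvbServicesRuntimeDxe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define VAR_MAX 16  /* capacity of the handler's SMRAM-side buffer (constructed) */

/* Constructed request layout in the OS-visible, DMA-reachable comm buffer. */
typedef struct { volatile uint32_t size; uint8_t data[64]; } comm_req_t;

/* Models SMRAM: [0, VAR_MAX) is the handler's buffer, the rest adjacent SMM state. */
static uint8_t smram[VAR_MAX * 2];

/* Test hook standing in for a device DMA write that lands mid-handler. */
static void (*dma_window)(comm_req_t *) = NULL;
static void dma_grow(comm_req_t *r) { r->size = VAR_MAX * 2; }

/* Flawed pattern: size is checked, then fetched again from shared memory. */
int handler_double_fetch(comm_req_t *req) {
    if (req->size > VAR_MAX) return -1;      /* time of check */
    if (dma_window) dma_window(req);         /* buffer can change here */
    memcpy(smram, req->data, req->size);     /* time of use: second fetch */
    return 0;
}

/* Hardened pattern: fetch once into an SMRAM-local variable, use only that. */
int handler_snapshot(comm_req_t *req) {
    uint32_t size = req->size;               /* single fetch */
    if (size > VAR_MAX) return -1;
    if (dma_window) dma_window(req);         /* too late to affect size */
    memcpy(smram, req->data, size);
    return 0;
}

/* Runs a handler with the DMA hook armed; returns 1 if adjacent state changed. */
int corrupts_adjacent(int (*handler)(comm_req_t *)) {
    comm_req_t req;
    memset(smram, 0, sizeof smram);
    memset(req.data, 0xAA, sizeof req.data);
    req.size = 8;                            /* passes the bounds check */
    dma_window = dma_grow;
    handler(&req);
    dma_window = NULL;
    for (size_t i = VAR_MAX; i < sizeof smram; i++) if (smram[i]) return 1;
    return 0;
}

int main(void) {
    int a = corrupts_adjacent(handler_double_fetch), b = corrupts_adjacent(handler_snapshot);
    return printf("double-fetch=%d snapshot=%d\n", a, b) < 0;
}
```

The same rule applies to payload contents: anything the handler validates has to be validated on the copy held in SMRAM, not on the shared buffer.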

Fix

Weakness Enumeration: Time Of Check To Time Of Use

Related Identifiers: CVE-2022-31243

Affected Products: Fvbservicesruntimedxe