PT-2022-21897 · Insyde · Ahcibusdxe
Published
2022-11-14
·
Updated
2022-11-18
·
CVE-2022-33905
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AhciBusDxe driver versions prior to kernel 5.2: 05.27.23
AhciBusDxe driver versions prior to kernel 5.3: 05.36.23
AhciBusDxe driver versions prior to kernel 5.4: 05.44.23
AhciBusDxe driver versions prior to kernel 5.5: 05.52.23
Description
The issue is related to DMA transactions targeting input buffers used by the AhciBusDxe software SMI handler, which could cause SMRAM corruption through a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This was discovered by Insyde engineering based on a description provided by Intel's iSTARE group.
Recommendations
For versions prior to kernel 5.2: 05.27.23, update to kernel 5.2: 05.27.23 or later.
For versions prior to kernel 5.3: 05.36.23, update to kernel 5.3: 05.36.23 or later.
For versions prior to kernel 5.4: 05.44.23, update to kernel 5.4: 05.44.23 or later.
For versions prior to kernel 5.5: 05.52.23, update to kernel 5.5: 05.52.23 or later.
Fix
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ahcibusdxe