CVE-2022-33908

Name of the Vulnerable Software and Affected Versions SdHostDriver driver versions prior to kernel 5.2: 05.27.25 SdHostDriver driver versions prior to kernel 5.3: 05.36.25 SdHostDriver driver versions prior to kernel 5.4: 05.44.25 SdHostDriver driver versions prior to kernel 5.5: 05.52.25

Description The issue is related to DMA transactions targeted at input buffers used for the SdHostDriver software SMI handler, which could cause SMRAM corruption through a TOCTOU attack. This was discovered by Insyde engineering based on a description provided by Intel's iSTARE group.

Recommendations For versions prior to kernel 5.2: 05.27.25, update to kernel 5.2: 05.27.25 or later. For versions prior to kernel 5.3: 05.36.25, update to kernel 5.3: 05.36.25 or later. For versions prior to kernel 5.4: 05.44.25, update to kernel 5.4: 05.44.25 or later. For versions prior to kernel 5.5: 05.52.25, update to kernel 5.5: 05.52.25 or later.