PT-2022-21901 · Insyde · Insydeh2O
Published
2022-11-14
·
Updated
2022-11-18
·
CVE-2022-33909
CVSS v3.1
7.0
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
InsydeH20 kernel versions prior to 05.27.23
InsydeH20 kernel versions prior to 05.36.23
InsydeH20 kernel versions prior to 05.44.23
InsydeH20 kernel versions prior to 05.52.23
Description
DMA transactions targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group.
Recommendations
For kernel version 5.2, update to version 05.27.23 or later.
For kernel version 5.3, update to version 05.36.23 or later.
For kernel version 5.4, update to version 05.44.23 or later.
For kernel version 5.5, update to version 05.52.23 or later.
Fix
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Insydeh2O