PT-2022-21944 · Insyde · Int15Servicesmm
Published
2022-11-14
·
Updated
2023-02-14
·
CVE-2022-33982
CVSS v3.1
6.4
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Int15ServiceSmm software SMI handler versions prior to Kernel 5.2: 05.27.23
Int15ServiceSmm software SMI handler versions prior to Kernel 5.3: 05.36.23
Int15ServiceSmm software SMI handler versions prior to Kernel 5.4: 05.44.23
Int15ServiceSmm software SMI handler versions prior to Kernel 5.5: 05.52.23
Description
DMA attacks on the
parameter buffer used by the Int15ServiceSmm software SMI handler could lead to a TOCTOU attack on the SMI handler and result in corruption of SMRAM. This issue was discovered during a security review by Insyde engineering.Recommendations
For versions prior to Kernel 5.2: 05.27.23, update to Kernel 5.2: 05.27.23 or later.
For versions prior to Kernel 5.3: 05.36.23, update to Kernel 5.3: 05.36.23 or later.
For versions prior to Kernel 5.4: 05.44.23, update to Kernel 5.4: 05.44.23 or later.
For versions prior to Kernel 5.5: 05.52.23, update to Kernel 5.5: 05.52.23 or later.
Fix
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Int15Servicesmm