CVE-2022-33983

Name of the Vulnerable Software and Affected Versions NvmExpressLegacy driver versions prior to kernel 5.2: 05.27.25 NvmExpressLegacy driver versions prior to kernel 5.3: 05.36.25 NvmExpressLegacy driver versions prior to kernel 5.4: 05.44.25 NvmExpressLegacy driver versions prior to kernel 5.5: 05.52.25

Description DMA transactions targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group.

Recommendations For kernel 5.2, update to version 05.27.25 or later. For kernel 5.3, update to version 05.36.25 or later. For kernel 5.4, update to version 05.44.25 or later. For kernel 5.5, update to version 05.52.25 or later.