CVE-2022-33985

Name of the Vulnerable Software and Affected Versions NvmExpressDxe driver versions prior to kernel 5.2: 05.27.25 NvmExpressDxe driver versions prior to kernel 5.3: 05.36.25 NvmExpressDxe driver versions prior to kernel 5.4: 05.44.25 NvmExpressDxe driver versions prior to kernel 5.5: 05.52.25

Description DMA transactions targeted at input buffers used for the NvmExpressDxe software SMI handler could cause SMRAM corruption through a Time-of-Check-to-Time-of-Use (TOCTOU) attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group.

Recommendations For versions prior to kernel 5.2: 05.27.25, update to kernel 5.2: 05.27.25 or later. For versions prior to kernel 5.3: 05.36.25, update to kernel 5.3: 05.36.25 or later. For versions prior to kernel 5.4: 05.44.25, update to kernel 5.4: 05.44.25 or later. For versions prior to kernel 5.5: 05.52.25, update to kernel 5.5: 05.52.25 or later.