| Vulnerability Name: | CVE-2022-33905 (CCN-240362) | ||||||||||||
| Assigned: | 2022-11-08 | ||||||||||||
| Published: | 2022-11-08 | ||||||||||||
| Updated: | 2022-11-18 | ||||||||||||
| Summary: | DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047 | ||||||||||||
| CVSS v3 Severity: | 7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
| ||||||||||||
| Vulnerability Type: | CWE-367 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-33905 Source: XF Type: UNKNOWN insyde-cve202233905-code-exec(240362) Source: CCN Type: Insyde Security Advisory 2022047 Insyde Security Advisory 2022047 | ||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||