Vulnerability Name:

CVE-2022-33909 (CCN-240366)

Assigned:2022-11-08
Published:2022-11-08
Updated:2022-11-18
Summary:DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051
CVSS v3 Severity:7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.0 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-367
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-33909

Source: XF
Type: UNKNOWN
insyde-cve202233909-code-exec(240366)

Source: CCN
Type: Insyde Security Advisory 2022051
Insyde Security Advisory 2022051

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:insyde:insydeh2o:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:insyde:insydeh2o:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:insyde:insydeh2o:5.4:*:*:*:*:*:*:*
  • OR cpe:/a:insyde:insydeh2o:5.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    insyde insydeh2o 5.2
    insyde insydeh2o 5.3
    insyde insydeh2o 5.4
    insyde insydeh2o 5.5