CVE-2022-32471

An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges.

CVSS v3 7.0 HIGH

7.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023003	Vendor Advisory
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023003	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::

History

21 Nov 2024, 07:06

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en IhisiSmm en Insyde InsydeH2O con kernel 5.0 a 5.5. El controlador IhisiDxe utiliza el búfer de comandos para pasar datos de entrada y salida. Al modificar el contenido del búfer de comandos con DMA después de que se hayan verificado los parámetros de entrada pero antes de usarlos, se puede convencer al código IHISI SMM de que modifique SMRAM o OS, lo que provocará una posible corrupción de datos o una escalada de privilegios.
References	~~() https://www.insyde.com/security-pledge - Vendor Advisory~~	() https://www.insyde.com/security-pledge - Vendor Advisory
References	~~() https://www.insyde.com/security-pledge/SA-2023003 - Vendor Advisory~~	() https://www.insyde.com/security-pledge/SA-2023003 - Vendor Advisory

Information

Published : 2023-02-15 02:15

Updated : 2024-11-21 07:06

NVD link : CVE-2022-32471

Mitre link : CVE-2022-32471

CVE.ORG link : CVE-2022-32471

JSON object : View

Products Affected

insyde

insydeh2o

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2022-32471", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2023-02-15T02:15:09.623", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/SA-2023003", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.insyde.com/security-pledge/SA-2023003", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. The IhisiDxe driver uses the command buffer to pass input and output data. By modifying the command buffer contents with DMA after the input parameters have been checked but before they are used, the IHISI SMM code may be convinced to modify SMRAM or OS, leading to possible data corruption or escalation of privileges."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en IhisiSmm en Insyde InsydeH2O con kernel 5.0 a 5.5. El controlador IhisiDxe utiliza el b\u00fafer de comandos para pasar datos de entrada y salida. Al modificar el contenido del b\u00fafer de comandos con DMA despu\u00e9s de que se hayan verificado los par\u00e1metros de entrada pero antes de usarlos, se puede convencer al c\u00f3digo IHISI SMM de que modifique SMRAM o OS, lo que provocar\u00e1 una posible corrupci\u00f3n de datos o una escalada de privilegios."}], "lastModified": "2024-11-21T07:06:23.867", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "587C0285-0A9E-42FD-AB50-56B49B2DFF34", "versionEndExcluding": "5.2.05.27.37", "versionStartIncluding": "5.0"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA702A-373E-454B-B19B-68AD0C573F4F", "versionEndExcluding": "5.3.05.36.37", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ADA401A-3333-4A40-ADCA-060FC8FFEAF1", "versionEndExcluding": "5.4.05.44.45", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8223C5A-5593-4F54-BDB4-D252BB4E2167", "versionEndExcluding": "5.5.05.52.45", "versionStartIncluding": "5.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}