DMA transactions which are targeted at input buffers used for the AhciBusDxe software SMI handler could cause SMRAM corruption (a TOCTOU attack). DMA transactions which are targeted at input buffers used for the software SMI handler used by the AhciBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group, Fixed in kernel 5.2: 05.27.23, kernel 5.3: 05.36.23, kernel 5.4: 05.44.23, kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022047
References
Link | Resource |
---|---|
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022047 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-11-15 00:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-33905
Mitre link : CVE-2022-33905
CVE.ORG link : CVE-2022-33905
JSON object : View
Products Affected
insyde
- kernel
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition