Overview
- Description
- DMA transactions which are targeted at input buffers used for the NvmExpressLegacy software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the NvmExpressLegacy driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This issue was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022053
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7
- Impact score
- 5.9
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- nvd@nist.gov
- CWE-367
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D27D786B-7905-4963-8919-C06B53FF1BE7",
"versionEndExcluding": "5.2.05.27.25",
"versionStartIncluding": "5.2"
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
"versionEndExcluding": "5.3.05.36.25",
"versionStartIncluding": "5.3"
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
"versionEndExcluding": "5.4.05.44.25",
"versionStartIncluding": "5.4"
},
{
"criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
"versionEndExcluding": "5.5.05.52.25",
"versionStartIncluding": "5.5"
}
],
"operator": "OR"
}
]
}
]