cve-2022-32476
Vulnerability from cvelistv5
Published
2023-02-15 00:00
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.insyde.com/security-pledge | Vendor Advisory | |
cve@mitre.org | https://www.insyde.com/security-pledge/SA-2023008 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.insyde.com/security-pledge/SA-2023008 | Vendor Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:39:51.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge" }, { "tags": [ "x_transferred" ], "url": "https://www.insyde.com/security-pledge/SA-2023008" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-15T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.insyde.com/security-pledge" }, { "url": "https://www.insyde.com/security-pledge/SA-2023008" } ], "source": { "discovery": "INTERNAL" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32476", "datePublished": "2023-02-15T00:00:00", "dateReserved": "2022-06-06T00:00:00", "dateUpdated": "2024-08-03T07:39:51.115Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2022-32476\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-02-15T03:15:10.177\",\"lastModified\":\"2024-11-21T07:06:24.440\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the AhciBusDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Los ataques de DMA al b\u00fafer compartido AhciBusDxe utilizado por el c\u00f3digo SMM y no SMM podr\u00edan causar problemas de condiciones de ejecuci\u00f3n de TOCTOU que podr\u00edan conducir a la corrupci\u00f3n de SMRAM y a una escalada de privilegios. Este ataque se puede mitigar utilizando la protecci\u00f3n IOMMU para la memoria de ejecuci\u00f3n ACPI utilizada para el b\u00fafer de comandos. Este ataque se puede mitigar copiando los datos de los servicios del bloque de firmware en SMRAM antes de verificarlos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.2.05.27.27\",\"matchCriteriaId\":\"D6C3C426-2AC3-4262-8D21-DCB1E917982A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.05.36.27\",\"matchCriteriaId\":\"BDA39709-236A-4508-BCD7-5A73BC9C4755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.05.44.27\",\"matchCriteriaId\":\"F3205474-FF44-4F1B-BA6D-5572F4C76096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.5.05.52.27\",\"matchCriteriaId\":\"DBCE8A4F-8DD2-46E4-BCFA-ACDB1CFD555E\"}]}]}],\"references\":[{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2023008\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.insyde.com/security-pledge/SA-2023008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.