FKIE_CVE-2022-30774

Vulnerability from fkie_nvd - Published: 2022-11-15 00:15 - Updated: 2025-04-30 20:15
Severity ?
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043
References
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf
cve@mitre.orghttps://www.insyde.com/security-pledgeVendor Advisory
cve@mitre.orghttps://www.insyde.com/security-pledge/SA-2022043Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf
af854a3a-2127-422b-91ae-364da2661108https://www.insyde.com/security-pledgeVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.insyde.com/security-pledge/SA-2022043Vendor Advisory
Impacted products
Vendor Product Version
insyde kernel *
insyde kernel *
insyde kernel *
insyde kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3AD2F03-B15B-41F0-899F-075A1BD9DF30",
              "versionEndExcluding": "5.2.05.27.29",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D80AAA27-6BBB-4476-9A8B-75C838DD3CB3",
              "versionEndExcluding": "5.3.05.36.25",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F161D09-7811-4B26-914E-C082D86044A4",
              "versionEndExcluding": "5.4.05.44.25",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:insyde:kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AEA99AC-5827-430B-97AD-35178056390C",
              "versionEndExcluding": "5.5.05.52.25",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
    },
    {
      "lang": "es",
      "value": "Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador PnpSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros, pero antes de que se utilicen (un ataque TOCTOU). Los ataques DMA al b\u00fafer de par\u00e1metros utilizado por el controlador PnpSmm podr\u00edan cambiar el contenido despu\u00e9s de que se hayan verificado los valores de los par\u00e1metros han sido verificados pero antes de ser utilizados (un ataque TOCTOU). Este problema fue descubierto por la ingenier\u00eda de Insyde durante una revisi\u00f3n de seguridad. Este problema se solucion\u00f3 en Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
    }
  ],
  "id": "CVE-2022-30774",
  "lastModified": "2025-04-30T20:15:17.143",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-15T00:15:09.823",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge/SA-2022043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.insyde.com/security-pledge/SA-2022043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-367"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.