CVE-2022-30773Time-of-check Time-of-use (TOCTOU) Race Condition in Kernel

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.0%
top 88.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 14
Latest updateNov 15

Description

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

NVDinsyde/kernel5.45.4.05.44.23+1

🔴Vulnerability Details

2
GHSA
GHSA-w9hw-r557-9gv3: DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are2022-11-15
CVEList
CVE-2022-30773: DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are2022-11-14
CVE-2022-30773 — Insyde Kernel vulnerability | cvebase