CVE-2022-30774Time-of-check Time-of-use (TOCTOU) Race Condition in Kernel

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.1%
top 83.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 15

Description

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

NVDinsyde/kernel5.25.2.05.27.29+3

🔴Vulnerability Details

2
GHSA
GHSA-5529-988r-7c93: DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are u2022-11-15
CVEList
CVE-2022-30774: DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are u2022-11-14
CVE-2022-30774 — Insyde Kernel vulnerability | cvebase