CVE-2022-32266Out-of-bounds Write in Kernel

CWE-787Out-of-bounds WriteCWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.1%
top 84.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 14
Latest updateNov 15

Description

DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and lead to corruption of other ACPI fields and adjacent memory fields. The attack would require detailed knowledge of the PCD database co

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

NVDinsyde/kernel5.35.3.05.36.23+2

🔴Vulnerability Details

2
GHSA
GHSA-j8q4-3cww-3fwm: DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and l2022-11-15
CVEList
CVE-2022-32266: DMA attacks on the parameter buffer used by a software SMI handler used by the driver PcdSmmDxe could lead to a TOCTOU attack on the SMI handler and l2022-11-14
CVE-2022-32266 — Out-of-bounds Write in Insyde Kernel | cvebase