CVE-2022-32267Time-of-check Time-of-use (TOCTOU) Race Condition in Kernel

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.0%
top 88.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 15

Description

DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DMA transactions which are targeted at input buffers used for the software SMI handler used by the SmmResourceCheckDxe driver could cause SMRAM corruption through a TOCTOU attack... This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23. Kernel 5.3: 05.36.23. Kernel 5.4: 05.44.23. Kernel 5.5: 05.52.23 https://www.insyde

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

NVDinsyde/kernel5.25.2.05.27.23+3

🔴Vulnerability Details

2
GHSA
GHSA-v3w9-w5cx-hw5m: DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DM2022-11-15
CVEList
CVE-2022-32267: DMA transactions which are targeted at input buffers used for the SmmResourceCheckDxe software SMI handler cause SMRAM corruption (a TOCTOU attack) DM2022-11-14
CVE-2022-32267 — Insyde Kernel vulnerability | cvebase