CVE-2022-33907Time-of-check Time-of-use (TOCTOU) Race Condition in Kernel

CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.1%
top 83.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Insyde Kernel
Timeline
PublishedNov 14
Latest updateNov 15

Description

DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack... DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3:

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

NVDinsyde/kernel5.25.2.05.27.25+2

🔴Vulnerability Details

2
GHSA
GHSA-fh27-97r5-49gq: DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption throu2022-11-15
CVEList
CVE-2022-33907: DMA transactions which are targeted at input buffers used for the software SMI handler used by the IdeBusDxe driver could cause SMRAM corruption throu2022-11-14
CVE-2022-33907 — Insyde Kernel vulnerability | cvebase