CVE-2022-30773

DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). DMA attacks on the parameter buffer used by the IhisiSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack). This issue was discovered by Insyde engineering. This issue is fixed in Kernel 5.4: 05.44.23 and Kernel 5.5: 05.52.23. CWE-367

Published: Nov 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-30773
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
insyde / kernel	5.5	5.5.05.52.23
insyde / kernel	5.4	5.4.05.44.23

https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022042

Vulnerability Database

289,697

CVE-2022-30773