CVE-2022-33909

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051

Published: Nov 15, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-33909
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
insyde / kernel	5.5	5.5.05.52.23
insyde / kernel	5.4	5.4.05.44.23
insyde / kernel	5.2	5.2.05.27.23
insyde / kernel	5.3	5.3.05.36.23

https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022051

Vulnerability Database

289,697

CVE-2022-33909