First published: Wed Feb 15 2023(Updated: )
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.0<5.2.05.27.27 | |
Insyde InsydeH2O | >=5.3<5.3.05.36.27 | |
Insyde InsydeH2O | >=5.4<5.4.05.44.27 | |
Insyde InsydeH2O | >=5.5<5.5.05.52.27 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-32475.
CVE-2022-32475 has a severity rating of high.
CVE-2022-32475 affects the Insyde InsydeH2O software versions 5.0 through 5.5.
CVE-2022-32475 can lead to corruption of SMRAM and escalation of privileges.
The issue has been fixed in the kernel of Insyde InsydeH2O software.