7 - CVE-2022-33909

Executive Summary

Informations
Name	CVE-2022-33909	First vendor Publication	2022-11-15
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7
Base Score	7	Environmental Score	7
impact SubScore	5.9	Temporal Score	7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

DMA transactions which are targeted at input buffers used for the HddPassword software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the HddPassword driver could cause SMRAM corruption through a TOCTOU attack..This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33909

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Insyde Kernel cpe:2.3:a:insyde:kernel::::::::	1
Os	Insyde Kernel cpe:2.3:o:insyde:kernel:5.5:::::::* cpe:2.3:o:insyde:kernel:5.4:::::::* cpe:2.3:o:insyde:kernel:5.3:::::::* cpe:2.3:o:insyde:kernel:5.2:::::::* cpe:2.3:o:insyde:kernel:5.1:::::::* cpe:2.3:o:insyde:kernel:5.0:::::::* cpe:2.3:o:insyde:kernel::::::::	7

Sources (Detail)

https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022051

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 14:12:55	Multiple Updates
2023-08-03 02:15:12	Multiple Updates
2022-11-23 21:27:18	Multiple Updates
2022-11-18 21:27:15	Multiple Updates
2022-11-16 02:07:52	Multiple Updates
2022-11-16 02:06:41	Multiple Updates
2022-11-15 17:27:12	Multiple Updates
2022-11-15 05:27:13	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	8
Sources(s)	2

7 - CVE-2022-33909

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU