7 - CVE-2022-33984

Executive Summary

Informations
Name	CVE-2022-33984	First vendor Publication	2022-11-15
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7
Base Score	7	Environmental Score	7
impact SubScore	5.9	Temporal Score	7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

DMA transactions which are targeted at input buffers used for the SdMmcDevice software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdMmcDevice driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. This was fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05.52.25 https://www.insyde.com/security-pledge/SA-2022054

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33984

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Insyde Kernel cpe:2.3:a:insyde:kernel::::::::	1
Os	Insyde Kernel cpe:2.3:o:insyde:kernel:5.5:::::::* cpe:2.3:o:insyde:kernel:5.4:::::::* cpe:2.3:o:insyde:kernel:5.3:::::::* cpe:2.3:o:insyde:kernel:5.2:::::::* cpe:2.3:o:insyde:kernel:5.1:::::::* cpe:2.3:o:insyde:kernel:5.0:::::::* cpe:2.3:o:insyde:kernel::::::::	7

Sources (Detail)

https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022054

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 14:12:59	Multiple Updates
2023-08-03 02:15:15	Multiple Updates
2023-02-14 17:27:33	Multiple Updates
2022-11-23 21:27:18	Multiple Updates
2022-11-18 02:11:07	Multiple Updates
2022-11-16 02:07:52	Multiple Updates
2022-11-16 02:06:44	Multiple Updates
2022-11-15 17:27:12	Multiple Updates
2022-11-15 05:27:13	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	8
Sources(s)	3

7 - CVE-2022-33984

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU