Lucene search
MitreCVELIST:CVE-2022-32470HistoryFeb 15, 2023 - 12:00 a.m.
CVE-2022-32470
2023-02-1500:00:00
mitre
www.cve.org
insydeh2o
kernel 5.0
kernel 5.5
dma attacks
fwblockservicesmm
toctou race-condition
smram
escalation of privileges
iommu protection
acpi runtime memory
0.0004 Low
EPSS
Percentile
9.2%
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FwBlockServiceSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.
Related
cve
cve
CVE-2022-32470
2023-02-15 03:15:09
prion
prion
Race condition
2023-02-15 03:15:00
nessus
nessus
Siemens InsydeH2O Time-of-check Time-of-use Race Condition (CVE-2022-32470)
2023-09-26 00:00:00
nvd
nvd
CVE-2022-32470
2023-02-15 03:15:09
ics
ics
Siemens RUGGEDCOM APE1808 Product Family
2023-03-21 12:00:00
Siemens RUGGEDCOM APE1808 Product Family
2023-09-14 12:00:00