How severe is CVE-2022-34325?

CVE-2022-34325 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-34325

Name: insydeh2o
Author: insyde

7.8HIGH

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target

Veröffentlicht: 11/14/2022Aktualisiert: 4/30/2025

Beschreibung

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by

KI-AnalyseKI-gestützt

Betroffene Produkte

insydeinsydeh2o

Referenzen

https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory