How severe is CVE-2022-34325?

CVE-2022-34325 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-34325

Name: insydeh2o
Author: insyde

7.8HIGH

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target

Published: 11/14/2022Updated: 4/30/2025

Description

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by

AI AnalysisPowered by AI

Affected Products

insydeinsydeh2o

References

https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory