How severe is CVE-2022-34325?

CVE-2022-34325 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-34325

Name: insydeh2o
Author: insyde

7.8HIGH

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target

公開日: 11/14/2022更新日: 4/30/2025

説明

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by

AI分析AIによる分析

影響を受ける製品

insydeinsydeh2o

参照

https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory