How severe is CVE-2022-34325?

CVE-2022-34325 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-34325

Name: insydeh2o
Author: insyde

7.8HIGH

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target

Publicado: 11/14/2022Atualizado: 4/30/2025

Descrição

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by

Análise IADesenvolvido por IA

Produtos Afetados

insydeinsydeh2o

Referências

https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory