How severe is CVE-2022-34325?

CVE-2022-34325 has a CVSS v3 score of 7.8 (HIGH).

CVE-2022-34325

Name: insydeh2o
Author: insyde

7.8HIGH

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are target

发布于: 11/14/2022更新于: 4/30/2025

描述

DMA transactions which are targeted at input buffers used for the StorageSecurityCommandDxe software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the StorageSecurityCommandDxe driver could cause SMRAM corruption. This issue was discovered by Insyde engineering based on the general description provided by

AI分析AI驱动

受影响产品

insydeinsydeh2o

参考资料

https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2022057
Vendor Advisory