CVE-2022-32475 - Vulnerability Details - OpenCVE

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Insyde	Insydeh2o

Configuration 1 [-]

OR	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::
	cpe:2.3:a:insyde:insydeh2o::::::::

No data.

References

Link	Providers
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2023007

History

Mon, 05 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-15T00:00:00.000Z

Updated: 2025-05-05T16:16:08.295Z

Reserved: 2022-06-06T00:00:00.000Z

Link: CVE-2022-32475

Vulnrichment

Updated: 2024-08-03T07:39:51.219Z

NVD

Status : Modified

Published: 2023-02-15T14:15:11.950

Modified: 2025-05-05T17:18:14.633

Link: CVE-2022-32475

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-32475", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-05T16:16:08.295Z", "dateReserved": "2022-06-06T00:00:00.000Z", "datePublished": "2023-02-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-02-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.insyde.com/security-pledge"}, {"url": "https://www.insyde.com/security-pledge/SA-2023007"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}], "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:39:51.219Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["x_transferred"]}, {"url": "https://www.insyde.com/security-pledge/SA-2023007", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-367", "lang": "en", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:29:08.297393Z", "id": "CVE-2022-32475", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T16:16:08.295Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["x_transferred"]}, {"url": "https://www.insyde.com/security-pledge/SA-2023007", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:39:51.219Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-32475", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:29:08.297393Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T13:07:03.911Z"}}], "cna": {"source": {"discovery": "INTERNAL"}, "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.insyde.com/security-pledge"}, {"url": "https://www.insyde.com/security-pledge/SA-2023007"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-02-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-32475", "state": "PUBLISHED", "dateUpdated": "2025-05-05T16:16:08.295Z", "dateReserved": "2022-06-06T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-02-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6C3C426-2AC3-4262-8D21-DCB1E917982A", "versionEndExcluding": "5.2.05.27.27", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDA39709-236A-4508-BCD7-5A73BC9C4755", "versionEndExcluding": "5.3.05.36.27", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3205474-FF44-4F1B-BA6D-5572F4C76096", "versionEndExcluding": "5.4.05.44.27", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBCE8A4F-8DD2-46E4-BCFA-ACDB1CFD555E", "versionEndExcluding": "5.5.05.52.27", "versionStartIncluding": "5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Insyde InsydeH2O con los kernels 5.0 a 5.5. Los ataques DMA al b\u00fafer compartido VariableRuntimeDxe utilizado por el c\u00f3digo SMM y no SMM podr\u00edan causar problemas de condiciones de ejecuci\u00f3n de TOCTOU que podr\u00edan conducir a la corrupci\u00f3n de SMRAM y a la escalada de privilegios. Este problema se solucion\u00f3 en el kernel, que tambi\u00e9n proteg\u00eda el chipset y el c\u00f3digo del chipset OEM."}], "id": "CVE-2022-32475", "lastModified": "2025-05-05T17:18:14.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-02-15T14:15:11.950", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023007"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-367"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}