CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
This issue was addressed by disabling the iSMI handler for DMA transactions on the hardware which is vulnerable (see below for more details). This issue was addressed by disabling the iSMI handler for DMA transactions on the hardware which is vulnerable (see below for more details). Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.insyde.com/security-pledge/SA-2022051
HddPassword software SMI handler uses software interrupts to handle SMI events. This could result in a denial of service if an attacker sends a malicious iDMA command to the affected hardware, causing the hardware to enter an infinite SMI loop. The iDMA command sent by the attacker would have to be crafted so that it triggers an SMI on the affected hardware, causing the hardware to enter an infinite SMI loop.
An attacker can carry out such an attack by using direct memory access (DMA) commands to access the hardware and send malicious SMI events. This issue was uncovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23 https://www.ins
Hardware-based SMI denial of service vulnerability
If an attacker sends a malicious DMA command to the affected hardware, it may lead to a denial of service. This issue was discovered by Insyde engineering. Fixed in kernel Kernel 5.2: 05.27.23, Kernel 5.3: 05.36.23, Kernel 5.4: 05.44.23, Kernel 5.5: 05.52.23
Hardware Reviews:
What Is Wrong With This Machine?
When people go to a computer store, they usually want to make sure that their new purchase is going to work out for them. They want the machine to be able to do what they need it to do and last a long time. There are many things that can lead to a computer failing after its first year, some of which are easy fixes and some of which might require an expensive repair or replacement. The best thing about computers is that there are still ways for people who are having problems with their machines to fix them themselves.
Hardware Information
This issue was discovered on hardware, identified by Insyde as follows:
The vulnerability affects all versions of the Intel 6300 Series Chipset initially distributed from September 2015. The vulnerability is documented to affect all versions of the Intel 6300 Series Chipset since September 2015. The vulnerability has been assigned ID CVE-2022-33909.
Hardware vulnerable to CVE-2020-3266
This issue was addressed by disabling the SMI handler for DMA transactions on the hardware which is vulnerable (see below for more details). https://www.insyde.com/security-pledge/SA-2022051
HddPassword software SMI handler uses software interrupts to handle SMI events. This could result in a denial of service if an attacker sends a malicious iDMA command to the affected hardware, causing the hardware to enter an infinite SMI loop. The iDMA command sent by the attacker would have to be crafted so that it triggers an SMI on the affected hardware, causing the hardware to enter an infinite SMI loop.
Timeline
Published on: 11/15/2022 00:15:00 UTC
Last modified on: 11/18/2022 15:50:00 UTC