Recently, a security vulnerability tracked as CVE-2022-24069 was discovered in the AhciBusDxe component of Insyde InsydeH2O, affecting various kernel versions. It is a System Management Mode (SMM) call-out that could allow an attacker to hijack the execution flow of code running in SMM, potentially leading to escalation of privileges.

Exploit Details

The issue lies in the SMM callout functionality of the AhciBusDxe component of Insyde InsydeH2O. An attacker who hijacks the execution flow of code running in SMM can potentially escalate their privileges within the system, which poses a significant security risk to affected systems.

Consider the following code snippet as an example:

UINTN
EFIAPI
SmmCalloutHandler (
  IN EFI_HANDLE DispatchHandle,
  IN CONST VOID *Context OPTIONAL,
  IN OUT VOID *CommBuffer OPTIONAL,
  IN OUT UINTN *CommBufferSize OPTIONAL
  )
{
  CONST SMM_CALLOUT_REGISTRATION *SmmCallout;

  // ...
  SmmCallout = (CONST SMM_CALLOUT_REGISTRATION *) Context;
  // ...

  // Exploit begins here: Address is called with no check on where it points
  if (SmmCallout->Address != 0) {
    (*(VOID (*)(VOID))SmmCallout->Address)();
  }
  // Exploit ends here

  // ...
  return 0;
}

As the code snippet shows, the handler calls through SmmCallout->Address as-is, so an attacker who supplies a crafted SMM callout can hijack the execution flow within the SMM handlers.
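A hardened counterpart to the pattern above, written as an added example (it is not Insyde's code or its actual fix): before SMM code calls through a registered pointer, it confirms that both the registration record and the call target lie inside SMRAM. The SMRAM layout, the type names and check_callout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one SMRAM region (base address and size in bytes). */
typedef struct { uint64_t base, size; } smram_range;

/* Constructed sample layout; real firmware would use its own SMRAM map. */
static const smram_range k_smram[] = {
    { 0x7F000000ULL, 0x00800000ULL },
    { 0x7FC00000ULL, 0x00100000ULL },
};
#define SMRAM_COUNT (sizeof k_smram / sizeof k_smram[0])

typedef enum { CALLOUT_OK, CALLOUT_NO_TARGET, CALLOUT_DENIED } callout_status;

/* True only if [addr, addr + len) lies wholly inside one region.
   Written with subtraction so addr + len can never wrap around. */
bool inside_smram(const smram_range *r, size_t n, uint64_t addr, uint64_t len)
{
    if (len == 0) return false;
    for (size_t i = 0; i < n; i++) {
        if (addr < r[i].base) continue;
        uint64_t off = addr - r[i].base;
        if (off < r[i].size && len <= r[i].size - off) return true;
    }
    return false;
}

/* Decide whether a registered call-out may be invoked from SMM.
   record_addr: where the registration record lives (hypothetical model);
   target: the function pointer stored in that record. */
callout_status check_callout(uint64_t record_addr, uint64_t target)
{
    /* A record outside SMRAM can be rewritten by the OS after any check. */
    if (!inside_smram(k_smram, SMRAM_COUNT, record_addr, sizeof(uint64_t)))
        return CALLOUT_DENIED;
    if (target == 0) return CALLOUT_NO_TARGET;
    /* The target must be SMRAM-resident code, never OS-controlled memory. */
    return inside_smram(k_smram, SMRAM_COUNT, target, 1) ? CALLOUT_OK : CALLOUT_DENIED;
}

int main(void)
{
    printf("%d\n", (int)check_callout(0x7F001000ULL, 0x7F002000ULL)); /* both in SMRAM */
    printf("%d\n", (int)check_callout(0x7F001000ULL, 0x00100000ULL)); /* target outside */
    return 0;
}
```
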

Mitigation

At the time of writing this post, the developers of Insyde InsydeH2O have released updates for the affected kernel versions. Users should update to the following versions to mitigate the vulnerability:

Conclusion

In conclusion, users are encouraged to update their Insyde InsydeH2O kernel to the latest version immediately to mitigate the risk of exploitation from the CVE-2022-24069 vulnerability. If you are a user or administrator of an affected system, please consult the available resources and apply security updates as necessary. It is crucial to remain vigilant and ensure your systems have the latest patches to maintain a secure and stable environment.

Timeline

Published on: 02/03/2022 00:15:00 UTC
Last modified on: 03/29/2022 16:35:00 UTC