CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
Due to the fact that the Intel Linux kernel provides a limited number of ring-3 interrupts that can be delivered to an Intel processor, design engineers may use the Selective System Management Architecture (SSM/SMI) interface to trigger a desired system state. These interrupts are critical and must be handled correctly to avoid potentially exposing the processor and system to a denial-of-service (DoS) attack. Unless the SSM/SMI interface is used correctly, an attacker could modify the processor's state, which may result in a DoS condition. Due to the fact that the Intel Linux kernel provides a limited number of ring-3 interrupts that can be delivered to an Intel processor, design engineers may use the(SSM/SMI) interface to trigger a desired system state. These interrupts are critical and must be handled correctly to avoid potentially exposing the processor and system to a denial-of-service (DoS) attack. Unless the SSM/SMI interface is used correctly, an attacker could modify the processor's state, which may result in a DoS condition. There are two types of SSM/SMI interrupts: DMA transactions which are targeted at input buffers used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52
DMA transaction DoS vulnerability
Some fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52
The following are the two types of SSM/SMI interrupts that can be delivered to an Intel processor; they are necessary for the system to work properly and depend on each other for proper function:
1) DMA transactions which are targeted at input buffers used by the FwBlockServiceSmm driver could cause SMRAM corruption through a TOCTOU attack 
2) Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52
DMA transactions can cause SMRAM corruption through a TOCTOU attack
DMA transactions can cause SMRAM corruption through a TOCTOU attack. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52
The vulnerability
CVE-2022-33906 is a vulnerability in Linux Kernel's Selective System Management Architecture (SSM/SMI) interface. The vulnerability allows an attacker to cause SMRAM corruption through a TOCTOU attack and trigger the DMA transactions that could cause SMRAM corruption. Fixed in kernel 5.2: 05.27.23, 5.3: 05.36.23, 5.4: 05.44.23, 5.5: 05.52
DMA Transaction Interrupts
Design engineers must take a number of precautions when using the SSM/SMI interface to prevent a DoS attack. For example, design engineers can limit the number of DMA transactions that are delivered to the processor. They may also use the SSM/SMI interface to ensure that fixed interrupts are not missed when they occur on an Intel processor. Design engineers should not use the SSM/SMI interface in an unintended way, as this could lead to a denial-of-service condition.
Timeline
Published on: 11/15/2022 00:15:00 UTC
Last modified on: 11/18/2022 15:50:00 UTC