CVE-2022-33908 DMA transactions could corrupt SMRAM through a TOCTOU attack.

CVE-2022-33908 DMA transactions could corrupt SMRAM through a TOCTOU attack.

CVE-2018-3615 was assigned to this issue. Note that this issue does not affect x86 processors with hyperthreading enabled. It is not expected to be exploitable on systems with hyperthreading enabled. On systems that have hyperthreading enabled, this issue is only exploitable by privileged users within the network security context. This issue has been assigned the CVE identifier CVE-2018-3615. Linux kernel versions 4.14 and 4.15 are vulnerable; other versions and kernel branches are likely vulnerable as well.


Red Hat Enterprise Linux, CentOS, and Oracle Linux users are advised to upgrade to these updated versions as soon as possible.


Red Hat Enterprise Linux users should update to version 7.4.z, which was released on May 25, 2018. This updated Red Hat Enterprise Linux kernel fixes a DMA transaction which is targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM corruption through a TOCTOU attack. This issue was discovered by Insyde engineering based on the general description provided by Intel's iSTARE group. Fixed in kernel 5.2: 05.27.25, kernel 5.3: 05.36.25, kernel 5.4: 05.44.25, kernel 5.5: 05

Miscellaneous Software Issues

CVE-2018-3615 was assigned to this issue. Note that this issue does not affect x86 processors with hyperthreading enabled. It is not expected to be exploitable on systems with hyperthreading enabled. On systems that have hyperthreading enabled, this issue is only exploitable by privileged users within the network security context. This issue has been assigned the CVE identifier CVE-2018-3615. Linux kernel versions 4.14 and 4.15 are vulnerable; other versions and kernel branches are likely vulnerable as well.

IMPORTANT: 18 May 2018 - Critical Bug Fix for CVE-2018-3615

On 18 May 2018, Insyde released a critical update for the Insyde software SMRAM driver. This update resolves an issue that could cause memory corruption through a TOCTOU attack.

Potential Fix

If you are running a Red Hat Enterprise Linux or Oracle Linux system, the following commands can be used to upgrade the kernel:
yum -y update kernel
yum -y install kernel-2.6.32-5-oracle

Technical Description

A vulnerability in the Linux kernel could allow a local attacker to gain root privileges. A machine with an affected kernel installed is vulnerable if it has enabled hyperthreading and either of the following conditions exist:
1) The machine has been configured with an SMI handler that includes a DMA transaction targeted at input buffers used by the software SMI handler for the SdHostDriver driver, or
2) The machine has been configured with an SMI handler that includes a DMA transaction targeted at input buffers used by another software SMI handler.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe