CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.

CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.

An attacker could exploit this vulnerability to corrupt the data stored in the DRAM through DMA and thus potentially to deny service to legitimate memory requests from a memory-intensive application. An attacker could exploit this vulnerability to corrupt the data stored in the DRAM through DMA and thus potentially to deny service to legitimate memory requests from a memory-intensive application. An unprivileged user could exploit this vulnerability to potentially deny service to memory-intensive applications. An unprivileged user could exploit this vulnerability to potentially deny service to memory-intensive applications. At the time of this writing, there are no known public exploits. At the time of this writing, there are no known public exploits. Mitigations As of kernel 5.5, the Intel NVMExpressLegacy driver has been hardened against DMA attacks. As of kernel 5.2, the NvmExpressLegacy driver has been hardened against DMA attacks. Updates for the NVMExpressLegacy driver are available. Updates for the NvmExpressLegacy driver are available. Users are advised to monitor the progress of these updates. Users are advised to monitor the progress of these updates.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe