DMA Device Enabled Too Early in Boot Phase

CVE-2022-22566

Medium

6.9/10

Summary

Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.

Attack Complexity: HIGH
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1190 - DMA Device Enabled Too Early in Boot Phase

The product enables a Direct Memory Access (DMA) capable device before the security configuration settings are established, which allows an attacker to extract data from or gain privileges on the product.

References

Advisory Timeline

Published Feb 09, 2022

DMA Device Enabled Too Early in Boot Phase

CVE-2022-22566

Summary

CWE-1190 - DMA Device Enabled Too Early in Boot Phase

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS