Summaryinfo

A vulnerability, which was classified as critical, was found in Insyde InsydeH2O. This issue affects some unknown processing of the component SMM. Such manipulation of the argument current_ptr leads to memory corruption. This vulnerability is uniquely identified as CVE-2021-41837. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, has been found in Insyde InsydeH2O (affected version not known). Affected by this issue is some unknown functionality of the component SMM. The manipulation of the argument current_ptr with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability. CVE summarizes:

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

The weakness was disclosed 02/03/2022. The advisory is shared for download at insyde.com. This vulnerability is handled as CVE-2021-41837 since 10/01/2021. There are known technical details, but no exploit is available.

Upgrading eliminates this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• Insyde

Name

• InsydeH2O

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion