Summaryinfo

A vulnerability has been found in InsydeH2O and classified as critical. Impacted is an unknown function of the component SMM. Performing a manipulation of the argument ptr results in memory corruption. This vulnerability was named CVE-2021-41838. There is no available exploit. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as critical, was found in InsydeH2O (the affected version unknown). This affects an unknown part of the component SMM. The manipulation of the argument ptr with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.

The weakness was presented 02/03/2022. The advisory is shared at insyde.com. This vulnerability is uniquely identified as CVE-2021-41838 since 10/01/2021. Technical details are known, but no exploit is available.

Upgrading eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• InsydeH2O

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion