First published: Fri Sep 08 2023(Updated: )
An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde H2OFFT | =6.20.00 | |
Insyde Iscflashx64.sys | =3.9.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-33834 is high with a severity value of 7.1.
Insyde H2OFFT version 6.20.00 and Insyde Iscflashx64.sys version 3.9.3.0 are affected by CVE-2021-33834.
CVE-2021-33834 is caused by mishandling the input used to allocate a buffer and copy memory in iscflashx64.sys 3.9.3.0.
CVE-2021-33834 could cause memory corruption or a system crash.
You can find more information about CVE-2021-33834 on the Insyde security pledge website: [https://www.insyde.com/security-pledge](https://www.insyde.com/security-pledge) and the specific advisory SA-2021004: [https://www.insyde.com/security-pledge/SA-2021004](https://www.insyde.com/security-pledge/SA-2021004).