First published: Mon May 03 2021
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
Credit: infosec@edk2.groups.io
Affected Software | Affected Version | How to fix |
---|---|---|
Tianocore EDK2 | <=202105 | |
Insyde Kernel | =5.0 | |
Insyde Kernel | =5.1 | |
Insyde Kernel | =5.2 | |
Insyde Kernel | =5.3 | |
Insyde Kernel | =5.4 | |
Insyde Kernel | =5.5 | |
The vulnerability ID for this vulnerability is CVE-2021-38575.
CVE-2021-38575 has a severity rating of 8.1 (high).
The affected software includes Tianocore EDK2 versions up to and including May 2021, and Insyde Kernel versions 5.0, 5.1, 5.2, 5.3, 5.4, and 5.5.
Yes, there are fixes and patches available. Please refer to the references for more information.
The common weaknesses associated with CVE-2021-38575 are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-124 (Buffer Underwrite), CWE-252 (Unchecked Return Value), and CWE-680 (Integer Overflow to Buffer Overflow).