First published: Thu Feb 03 2022(Updated: )
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.1<5.16.25 | |
Insyde InsydeH2O | >=5.2<5.26.25 | |
Insyde InsydeH2O | >=5.3<5.35.25 | |
Insyde InsydeH2O | >=5.4<5.43.25 | |
Insyde InsydeH2O | >=5.5<5.51.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-41839.
The severity of CVE-2021-41839 is high with a score of 8.2.
The affected software for CVE-2021-41839 is InsydeH2O version 5.0 through 5.5.
Exploiting CVE-2021-41839 could lead to escalating privileges and write fixed or predictable data to SMRAM.
You can find more information about CVE-2021-41839 in the following references: [https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf), [https://security.netapp.com/advisory/ntap-20220217-0016/](https://security.netapp.com/advisory/ntap-20220217-0016/), [https://www.insyde.com/security-pledge](https://www.insyde.com/security-pledge).