First published: Wed Jan 05 2022(Updated: )
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.0<05.08.46 | |
Insyde InsydeH2O | >=5.1<05.16.46 | |
Insyde InsydeH2O | >=5.2<05.26.46 | |
Insyde InsydeH2O | >=5.3<05.35.46 | |
Insyde InsydeH2O | >5.4<05.43.46 | |
Insyde InsydeH2O | >=5.5<05.51.45 | |
>=5.0<05.08.46 | ||
>=5.1<05.16.46 | ||
>=5.2<05.26.46 | ||
>=5.3<05.35.46 | ||
>5.4<05.43.46 | ||
>=5.5<05.51.45 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-41842 is a vulnerability discovered in AtaLegacySmm in the Insyde InsydeH2O kernel versions 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45.
The severity of CVE-2021-41842 is critical, with a CVSS score of 9.8.
Code execution can occur in CVE-2021-41842 because the SMI handler lacks a CommBuffer check.
The affected software versions of CVE-2021-41842 are Insyde InsydeH2O 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45.
More information about CVE-2021-41842 can be found at the following references: [link1], [link2].