First published: Thu Feb 03 2022
An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.2 <5.23.35 | |
Insyde InsydeH2O | >=5.3 <5.32.35 | |
Insyde InsydeH2O | >=5.1 <5.16.42 | |
Insyde InsydeH2O | >=5.0 <05.08.49 | |
The vulnerability ID of this issue is CVE-2021-42060.
CVE-2021-42060 has a severity rating of 8.2 (high).
CVE-2021-42060 affects Insyde InsydeH2O Kernel versions 5.0 through 05.08.41, 5.1 through 05.16.41, 5.2 before 05.23.22, and 5.3 before 05.32.22.
CVE-2021-42060 allows an attacker to hijack execution flow of code running in System Management Mode (SMM).
To mitigate CVE-2021-42060, apply the security patches provided by Insyde or follow the guidance in the vendor's security advisory.