First published: Wed Feb 02 2022
An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.1 <5.14.34 | |
Insyde InsydeH2O | >=5.2 <5.24.34 | |
Insyde InsydeH2O | >=5.3 <5.33.34 | |
CVE-2021-43522 is a vulnerability discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. It allows an attacker to write fixed or predictable data to SMRAM, potentially leading to escalation of privileges.
An attacker can exploit CVE-2021-43522 by leveraging the StorageSecurityCommandDxe SMM memory corruption vulnerability to write fixed or predictable data to SMRAM, which may allow them to escalate privileges.
CVE-2021-43522 has a severity rating of 7.5 (high).
Insyde InsydeH2O versions 5.1 through 5.14.34, 5.2 through 5.24.34, and 5.3 through 5.33.34 are affected by CVE-2021-43522.
You can find more information about CVE-2021-43522 in the following references: [https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf](https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf), [https://security.netapp.com/advisory/ntap-20220216-0003/](https://security.netapp.com/advisory/ntap-20220216-0003/), [https://www.insyde.com/security-pledge](https://www.insyde.com/security-pledge)