First published: Wed Jan 05 2022(Updated: )
An issue was discovered in SdHostDriver in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData).
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Insyde InsydeH2O | >=5.1<5.16.25 | |
Insyde InsydeH2O | >=5.2<5.26.25 | |
Insyde InsydeH2O | >=5.3<5.35.25 | |
Insyde InsydeH2O | >=5.4<5.43.25 | |
Insyde InsydeH2O | >=5.5<05.51.25 | |
>=5.1<5.16.25 | ||
>=5.2<5.26.25 | ||
>=5.3<5.35.25 | ||
>=5.4<5.43.25 | ||
>=5.5<05.51.25 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-45971 is a vulnerability in SdHostDriver in Insyde InsydeH2O with kernel versions 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25.
CVE-2021-45971 has a severity value of 8.2 (high).
Insyde InsydeH2O versions 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25 are affected by CVE-2021-45971.
To fix CVE-2021-45971, it is recommended to update to the latest version of Insyde InsydeH2O that includes the necessary security patches.
You can find more information about CVE-2021-45971 at the following references: [Reference 1](https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf), [Reference 2](https://security.netapp.com/advisory/ntap-20220216-0004/), [Reference 3](https://www.insyde.com/security-pledge).