Vulnerability CVE-2021-41839
Published: 2022-02-03

Description:
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Type:

CWE-476

 (NULL Pointer Dereference)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Insyde -> Insydeh2o 

 References:
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022020
Copyright 2024, cxsecurity.com

 

Back to Top