ByteOS Network

Vulnerability Details :

CVE-2021-41842

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-05 Jan, 2022 | 23:07

Updated At-04 Aug, 2024 | 03:22

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:05 Jan, 2022 | 23:07

Updated At:04 Aug, 2024 | 03:22

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://www.insyde.com/security-pledge	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220223-0002/	x_refsource_CONFIRM

Hyperlink: https://www.insyde.com/security-pledge

Resource:

x_refsource_MISC

Hyperlink: https://security.netapp.com/advisory/ntap-20220223-0002/

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://www.insyde.com/security-pledge	x_refsource_MISC x_transferred
https://security.netapp.com/advisory/ntap-20220223-0002/	x_refsource_CONFIRM x_transferred

Hyperlink: https://www.insyde.com/security-pledge

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://security.netapp.com/advisory/ntap-20220223-0002/

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:06 Jan, 2022 | 00:15

Updated At:01 Mar, 2022 | 19:58

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions from 5.0(inclusive) to 05.08.46(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions from 5.1(inclusive) to 05.16.46(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions from 5.2(inclusive) to 05.26.46(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions from 5.3(inclusive) to 05.35.46(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions between 5.4(exclusive) and 05.43.46(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Insyde Software Corp. (ISC)

>>insydeh2o>>Versions from 5.5(inclusive) to 05.51.45(exclusive)

cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://security.netapp.com/advisory/ntap-20220223-0002/	cve@mitre.org	Third Party Advisory
https://www.insyde.com/security-pledge	cve@mitre.org	Vendor Advisory

Hyperlink: https://security.netapp.com/advisory/ntap-20220223-0002/

Source: cve@mitre.org

Resource:

Third Party Advisory

Hyperlink: https://www.insyde.com/security-pledge

Source: cve@mitre.org

Resource:

Vendor Advisory

Similar CVEs

3Records found

CVE-2021-38578

Matching Score-8

Assigner-TianoCore.org

View Details

Matching Score-8

Assigner-TianoCore.org

CVSS Score-7.4||HIGH

EPSS-0.06% / 17.89%

7 Day CHG~0.00%

Published-03 Mar, 2022 | 21:53

Updated-23 Apr, 2025 | 18:59

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Vendor-tianocore TianoCore Insyde Software Corp. (ISC)

Product-kernel edk2 EDK II

CWE ID-CWE-124

Buffer Underwrite ('Buffer Underflow')

CWE ID-CWE-787

Out-of-bounds Write

CVE-2020-5955

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-9.8||CRITICAL

EPSS-0.73% / 71.67%

7 Day CHG~0.00%

Published-03 Nov, 2021 | 00:19

Updated-04 Aug, 2024 | 08:47

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

CVE-2023-39281

Matching Score-8

Assigner-MITRE Corporation

View Details

Matching Score-8

Assigner-MITRE Corporation

CVSS Score-5.7||MEDIUM

EPSS-0.23% / 45.89%

7 Day CHG~0.00%

Published-01 Nov, 2023 | 00:00

Updated-06 Sep, 2024 | 20:35

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Vendor-n/a Intel Corporation Insyde Software Corp. (ISC)Advanced Micro Devices, Inc.

Product-celeron_7305l ryzen_7_7645hx core_i7-1280p core_i7-12650hx core_i5-12600t core_i7-12700h core_i5-13600k ryzen_7_pro_7730u core_i7_14700k core_i3-1210u van_gogh_0405 core_i7-13700kf ryzen_5_5600hs ryzen_3_5300ge core_i3-13300hre core_i7-1260u ryzen_7_5825u ryzen_9_7940hx v3c44 core_i5-12450h ryzen_9_7950x ryzen_5_7540u core_i7-1370p core_i5-12500t core_i7-1260p core_i9-13900e core_i5-1345ure core_i5-1335u core_i5-12500h core_i3-1220p ryzen_7_7700x core_i7-13800h core_i5-1345u core_i5-13500h ryzen_7_5700g core_i7-1270p n50 core_i5_14600k ryzen_9_6900hx ryzen_z1_extreme ryzen_7_7840hx core_i5-12600h core_i7-12700hl core_i3-13300he core_i7-12800hx ryzen_5_7640h core_i7-13700 hm770 core_i7-12700k ryzen_5_5500 core_i9-12900f ryzen_3_5400u b760 core_i7-1255ul celeron_g6900 core_i5-12400 core_i3-12100t ryzen_7_7735u core_i3-12300hl n97 ryzen_9_pro_7945 core_i9-13900hk core_i9-12900hk ryzen_7_7745hx ryzen_7_5700 core_i5-1240p core_i5-12500 core_i7-13650hx core_i7-13850hx ryzen_5_7535u core_i9-14900k core_i5-1345ue core_i7_14700kf core_i3-13100te ryzen_9_7845hx ryzen_7_6800hs core_i5-1245ul core_i5-13600hx ryzen_7_7736u core_i9-13900kf core_i5-13500te core_i5-13400e ryzen_5_5600u core_i7-12700 core_i5-13600 core_i5_14600kf ryzen_9_7645hx3d ryzen_5_5600ge core_i9-13950hx pentium_gold_g7400t athlon_gold_7220u core_i5-13400t core_i3-12100f core_i9-13900t celeron_7305 core_i5-12400t core_i3-1320pe ryzen_5_7535hs core_i7-13700h core_i9-12950hx core_i9-12900ks insydeh2o core_i5-1340pe ryzen_3_5425u core_i7-1370pre core_i7-13700t core_i9-13980hx core_i5-13420h core_i7-1360p core_i9-12900t ryzen_3_7440u ryzen3_5300u core_i3-n300 ryzen_7_5800u core_i7-12650h core_i3-1215u core_i9-13900ks ryzen_5_pro_7645 core_i7-1355u core_i3-12100 v314 core_i5-12500hl ryzen_7_5800h core_i7-12700f atom_x7211e core_i5-13600he core_i9-12900 core_i7-1375pre core_i5-13500t c262 ryzen_7_5700u core_i7-13700e core_i5-12600hl core_i5-1340p ryzen_7_6800h core_i5-13505h pentium_gold_g7400 core_i9-13900 core_i3-1315u core_i9-13900h ryzen_7_7840u ryzen_3_pro_7330u ryzen_7_5800hs core_i7-1250u ryzen_5_5500h core_i7-12800hl core_i7-13800hre core_i9-12900k ryzen_z1 core_i3-13100f core_i5-1350pe ryzen_5_6600h core_i9-13900f ryzen_9_6980hx pentium_8500 core_i3-13100t z790 core_i5-1350pre ryzen_9_7940h ryzen_5_5560u core_i7-13620h core_i3-1215ul core_i7-1265ul core_i7-1366ure core_i3-13100e ryzen_9_7900x n200 core_i7-1265u ryzen_5_6600hs celeron_g6900t core_i7-13700te n100 ryzen_7_7840h ryzen_9_5900hs core_i5-13400 ryzen_5_7640u core_i9-13900te ryzen_9_5980hs core_i7-1365ure core_i5-13600kf ryzen_5_7600 ryzen_9_6900hs pentium_8505 core_i7-13700k core_i7-1255u core_i5-12600 core_i3-1315ue n95 core_i7-1370pe ryzen_3_5300g h770 ryzen_3_7320u ryzen_5_pro_7530u ryzen_7_pro_7745 ryzen_5_7520u ryzen_5_5500u core_i3-13100 core_i5-12400f core_i5-12490f core_i5-13500e ryzen_7_7800x3d core_i5-13600t ryzen_5_pro_7640hs core_i7-13705h v3c16 core_i5-1245u ryzen_5_5600h core_i7-12700t ryzen_7_6800u ryzen_9_7945hx core_i3-12300 ryzen_5_5600g core_i5-1235ul ryzen_7_7735hs ryzen_9_7900x3d core_i7-13700hx core_i5-12600k core_i3-1320pre core_i5-1335ue v3c48 ryzen_5_7600x athlon_silver_7120u ryzen_5_6600u ryzen_5_5625u core_i9-13900k core_i3-12300t ryzen_7_5700ge core_i7-1365ue core_i7-12700kf ryzen_3_5125c core_i9-12900kf core_i9-13900hx core_i3-1305u core_i3-1315ure atom_x7213e core_i9-12900h core_i5-13500 core_i9-14900kf ryzen_3_7335u ryzen_7_pro_7840hs core_i5-12450hx ryzen_5_7545u core_i5-1235u core_i5-13400f u300e atom_x7425e core_i5-13500hx core_i5-1240u ryzen_5_7500f celeron_7300 ryzen_9_pro_7940hs core_i7-1365u core_i7-12800h wm790 core_i5-12600kf u300 core_i7-13800he v3c18 ryzen_9_5900hx core_i9-13905h c266 core_i7-12850hx core_i5-1350p ryzen_9_7950x3d core_i7-13700f ryzen_7_7700 core_i5-12600hx core_i5-13600h ryzen_3_5100 core_i3-n305 ryzen_9_7900 core_i5-13600hre core_i9-12900hx core_i5-1250p core_i5-1230u core_i5-13450hx core_i5-1334u ryzen_9_6980hs ryzen_9_7940hs n/a insydeh20

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2021-41842

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs