CVE-2021-41838
Summary
| CVE | CVE-2021-41838 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-03 02:15:00 UTC |
| Updated | 2022-03-01 19:42:00 UTC |
| Description | An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Insyde | Insydeh2o | All | All | All | All |
| Hardware | Siemens | Simatic Field Pg M5 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M5 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Field Pg M6 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M6 Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc127e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc127e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc227g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc227g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc277g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc277g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc327g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc327g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc377g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc377g Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc427e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc427e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc477e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc627e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc627e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc647e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc647e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc677e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc677e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Ipc847e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc847e Firmware | All | All | All | All |
| Hardware | Siemens | Simatic Itp1000 | - | All | All | All |
| Operating System | Siemens | Simatic Itp1000 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Insyde's Security Pledge \| Insyde Software | MISC | www.insyde.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | CONFIRM | cert-portal.siemens.com | |
| Insyde Security Advisory 2022023 \| Insyde Software | MISC | www.insyde.com | |
| CVE-2021-41838 InsydeH20 Vulnerability in NetApp Products \| NetApp Product Security | CONFIRM | security.netapp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590981 Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)