CVE-2021-41839
Summary
| CVE | CVE-2021-41839 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-03 02:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Insyde's Security Pledge | Insyde Software | MISC | www.insyde.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE-2021-41839 InsydeH20 Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| Insyde Security Advisory 2022020 | Insyde Software | MISC | www.insyde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590981 Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)