TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2021-41837

HIGH
8.2

Beschreibung

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

CVE Details

CVSS v3.1 Bewertung8.2
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht2/3/2022
Zuletzt geandert11/4/2025
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

insyde:insydeh2osiemens:simatic_field_pg_m5siemens:simatic_field_pg_m5_firmwaresiemens:simatic_field_pg_m6siemens:simatic_field_pg_m6_firmwaresiemens:simatic_ipc127esiemens:simatic_ipc127e_firmwaresiemens:simatic_ipc227gsiemens:simatic_ipc227g_firmwaresiemens:simatic_ipc277gsiemens:simatic_ipc277g_firmwaresiemens:simatic_ipc327gsiemens:simatic_ipc327g_firmwaresiemens:simatic_ipc377gsiemens:simatic_ipc377g_firmwaresiemens:simatic_ipc427esiemens:simatic_ipc427e_firmwaresiemens:simatic_ipc477esiemens:simatic_ipc477e_firmwaresiemens:simatic_ipc627esiemens:simatic_ipc627e_firmwaresiemens:simatic_ipc647esiemens:simatic_ipc647e_firmwaresiemens:simatic_ipc677esiemens:simatic_ipc677e_firmwaresiemens:simatic_ipc847esiemens:simatic_ipc847e_firmwaresiemens:simatic_itp1000siemens:simatic_itp1000_firmware

Schwachen (CWE)

CWE-119

Referenzen

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf(cve@mitre.org)
https://security.netapp.com/advisory/ntap-20220222-0003/(cve@mitre.org)
https://www.insyde.com/security-pledge(cve@mitre.org)
https://www.insyde.com/security-pledge/SA-2022024(cve@mitre.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220222-0003/(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2022024(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/796611(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.