← Voltar para CVEs
CVE-2021-41838
HIGH8.2
Descricao
An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of a Numeric Range Comparison Without a Minimum Check.
Detalhes CVE
Pontuacao CVSS v3.18.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado2/3/2022
Ultima modificacao11/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
insyde:insydeh2osiemens:simatic_field_pg_m5siemens:simatic_field_pg_m5_firmwaresiemens:simatic_field_pg_m6siemens:simatic_field_pg_m6_firmwaresiemens:simatic_ipc127esiemens:simatic_ipc127e_firmwaresiemens:simatic_ipc227gsiemens:simatic_ipc227g_firmwaresiemens:simatic_ipc277gsiemens:simatic_ipc277g_firmwaresiemens:simatic_ipc327gsiemens:simatic_ipc327g_firmwaresiemens:simatic_ipc377gsiemens:simatic_ipc377g_firmwaresiemens:simatic_ipc427esiemens:simatic_ipc427e_firmwaresiemens:simatic_ipc477esiemens:simatic_ipc477e_firmwaresiemens:simatic_ipc627esiemens:simatic_ipc627e_firmwaresiemens:simatic_ipc647esiemens:simatic_ipc647e_firmwaresiemens:simatic_ipc677esiemens:simatic_ipc677e_firmwaresiemens:simatic_ipc847esiemens:simatic_ipc847e_firmwaresiemens:simatic_itp1000siemens:simatic_itp1000_firmware
Fraquezas (CWE)
CWE-119
Referencias
https://security.netapp.com/advisory/ntap-20220222-0001/(cve@mitre.org)
https://www.insyde.com/security-pledge(cve@mitre.org)
https://www.insyde.com/security-pledge/SA-2022023(cve@mitre.org)
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220222-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge(af854a3a-2127-422b-91ae-364da2661108)
https://www.insyde.com/security-pledge/SA-2022023(af854a3a-2127-422b-91ae-364da2661108)
https://www.kb.cert.org/vuls/id/796611(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.