Lucene search

[email protected]CVE-2021-42554

HistoryFeb 03, 2022 - 2:15 a.m.

CVE-2021-42554

2022-02-0302:15:07

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-42554

insydeh2o

kernel 5.x

smm memory corruption

smram

privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Affected configurations

NVD

Node

insydeinsydeh2oRange5.0–5.08.42

Node

insydeinsydeh2oRange5.1–5.16.42

Node

insydeinsydeh2oRange5.2–5.26.42

Node

insydeinsydeh2oRange5.3–5.35.42

Node

insydeinsydeh2oRange5.4–5.42.51

Node

insydeinsydeh2oRange5.5–5.50.51

Node

siemenssimatic_field_pg_m5_firmware

AND

siemenssimatic_field_pg_m5Match-

Node

siemenssimatic_field_pg_m6_firmware

AND

siemenssimatic_field_pg_m6Match-

Node

siemenssimatic_ipc127e_firmware

AND

siemenssimatic_ipc127eMatch-

Node

siemenssimatic_ipc227g_firmware

AND

siemenssimatic_ipc227gMatch-

Node

siemenssimatic_ipc277g_firmware

AND

siemenssimatic_ipc277gMatch-

Node

siemenssimatic_ipc327g_firmware

AND

siemenssimatic_ipc327gMatch-

Node

siemenssimatic_ipc377g_firmware

AND

siemenssimatic_ipc377gMatch-

Node

siemenssimatic_ipc427e_firmware

AND

siemenssimatic_ipc427eMatch-

Node

siemenssimatic_ipc477e_firmware

AND

siemenssimatic_ipc477eMatch-

Node

siemenssimatic_ipc627e_firmware

AND

siemenssimatic_ipc627eMatch-

Node

siemenssimatic_ipc647e_firmware

AND

siemenssimatic_ipc647eMatch-

Node

siemenssimatic_ipc677e_firmware

AND

siemenssimatic_ipc677eMatch-

Node

siemenssimatic_ipc847e_firmware

AND

siemenssimatic_ipc847eMatch-

Node

siemenssimatic_itp1000_firmware

AND

siemenssimatic_itp1000Match-

Node

siemensruggedcom_ape1808_firmware

AND

siemensruggedcom_ape1808Match-

CPENameOperatorVersion
insyde:insydeh2oinsyde insydeh2olt5.08.42

CPE	Name	Operator	Version
insyde:insydeh2o	insyde insydeh2o	lt	5.08.42

References

cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

security.netapp.com/advisory/ntap-20220216-0007/

www.insyde.com/security-pledge

www.insyde.com/security-pledge/SA-2022012

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.2 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-42554

nessus1 prion1 cvelist1 cnvd1 nvd1 cert1 f51