An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220217-0016/ | Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
https://www.insyde.com/security-pledge/SA-2022020 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-03T01:37:10
Updated: 2022-02-22T19:06:25
Reserved: 2021-10-01T00:00:00
Link: CVE-2021-41839
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-03T02:15:07.123
Modified: 2023-08-08T14:22:24.967
Link: CVE-2021-41839
JSON object: View
Redhat Information
No data.
CWE