An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-08, and 5.3 through 2021-11-08. A StorageSecurityCommandDxe SMM memory corruption vulnerability allows an attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220216-0003/ | Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-02T23:41:09
Updated: 2022-02-22T19:06:54
Reserved: 2021-11-08T00:00:00
Link: CVE-2021-43522
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-02-03T00:15:07.677
Modified: 2022-03-29T16:35:44.457
Link: CVE-2021-43522
JSON object: View
Redhat Information
No data.
CWE