An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the status code saved at the CommBuffer+4 location).
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220216-0004/ | Third Party Advisory |
https://www.insyde.com/security-pledge | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-01-05T22:59:10
Updated: 2022-02-22T19:06:32
Reserved: 2022-01-01T00:00:00
Link: CVE-2021-45970
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-05T23:15:08.887
Modified: 2022-03-29T16:35:09.413
Link: CVE-2021-45970
JSON object: View
Redhat Information
No data.
CWE