CVE-2021-41289

Published: Nov 15, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD (Secondary)

Description

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

Affected (1)

Products: Asus: P453uj Bios

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Asus P453uj Bios	Version 311

Running on/with	Platform Versions
Asus P453uj	All versions

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/

Source: twcert@cert.org.tw

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.