← Back

CVE-2021-45969

nvd nist
Published: Jan 5, 2022Modified: Nov 4, 2025

JSON object

Loading...
8.2
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.5 / Impact: 6.0
Source: NVD

Description

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).

Affected (5)

Products: Insyde: Insydeh2o
Insyde
1 product
Insydeh2o
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.1 to 5.16.25
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.2 to 5.26.25
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.3 to 5.35.25
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.4 to 5.43.25
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Insydeh2o
From 5.5 to 05.51.25

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (7)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.