CVE-2021-33627

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 before 05.27.11, 5.3 before 05.36.11, 5.4 before 05.44.11, and 5.5 before 05.52.11 affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
VendorProductVersion
insydeinsydeh2o
5.0 ≤
𝑥
< 5.08.29
insydeinsydeh2o
5.1 ≤
𝑥
< 5.16.29
insydeinsydeh2o
5.2 ≤
𝑥
< 5.26.29
insydeinsydeh2o
5.3 ≤
𝑥
< 5.35.29
siemenssimatic_field_pg_m5_firmware
*
siemenssimatic_field_pg_m6_firmware
*
siemenssimatic_ipc127e_firmware
*
siemenssimatic_ipc227g_firmware
*
siemenssimatic_ipc277g_firmware
*
siemenssimatic_ipc327g_firmware
*
siemenssimatic_ipc377g_firmware
*
siemenssimatic_ipc427e_firmware
*
siemenssimatic_ipc477e_firmware
*
siemenssimatic_ipc627e_firmware
*
siemenssimatic_ipc647e_firmware
*
siemenssimatic_ipc677e_firmware
*
siemenssimatic_ipc847e_firmware
*
siemenssimatic_itp1000_firmware
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
https://security.netapp.com/advisory/ntap-20220222-0002/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022022
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
https://security.netapp.com/advisory/ntap-20220222-0002/
https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2022022