An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.
References
| Link | Resource |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220222-0003/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2022024 | Vendor Advisory |
| https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220222-0003/ | Third Party Advisory |
| https://www.insyde.com/security-pledge | Vendor Advisory |
| https://www.insyde.com/security-pledge/SA-2022024 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
Configuration 17 (hide)
| AND |
|
Configuration 18 (hide)
| AND |
|
Configuration 19 (hide)
| AND |
|
Configuration 20 (hide)
| AND |
|
History
21 Nov 2024, 06:26
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory | |
| References | () https://security.netapp.com/advisory/ntap-20220222-0003/ - Third Party Advisory | |
| References | () https://www.insyde.com/security-pledge - Vendor Advisory | |
| References | () https://www.insyde.com/security-pledge/SA-2022024 - Vendor Advisory |
01 Mar 2022, 19:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:siemens:simatic_field_pg_m6:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc327g:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc227g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc127e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc377g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc677e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itp1000:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc627e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc647e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc427e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc277g:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_field_pg_m5:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc847e:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_ipc477e:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:* |
|
| References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf - Third Party Advisory | |
| References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220222-0003/ - Third Party Advisory |
24 Feb 2022, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
09 Feb 2022, 20:04
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-119 | |
| CPE | cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 8.2 |
| References | (MISC) https://www.insyde.com/security-pledge/SA-2022024 - Vendor Advisory | |
| References | (MISC) https://www.insyde.com/security-pledge - Vendor Advisory |
09 Feb 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM. | |
| References |
|
03 Feb 2022, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-02-03 02:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41837
Mitre link : CVE-2021-41837
CVE.ORG link : CVE-2021-41837
JSON object : View
Products Affected
siemens
- simatic_ipc677e
- simatic_ipc127e_firmware
- simatic_ipc427e_firmware
- simatic_ipc427e
- simatic_ipc647e
- simatic_itp1000
- simatic_ipc627e_firmware
- simatic_ipc477e_firmware
- simatic_ipc647e_firmware
- simatic_ipc847e_firmware
- simatic_field_pg_m5
- simatic_field_pg_m6_firmware
- simatic_ipc227g
- simatic_ipc627e
- simatic_itp1000_firmware
- simatic_field_pg_m5_firmware
- simatic_ipc277g
- simatic_ipc327g
- simatic_ipc127e
- simatic_ipc277g_firmware
- simatic_ipc847e
- simatic_field_pg_m6
- simatic_ipc377g_firmware
- simatic_ipc677e_firmware
- simatic_ipc377g
- simatic_ipc227g_firmware
- simatic_ipc477e
- simatic_ipc327g_firmware
insyde
- insydeh2o
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer