CVE-2021-42554

An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16.42, Kernel 5.2 before 05.26.42, Kernel 5.3 before 05.35.42, Kernel 5.4 before 05.42.51, and Kernel 5.5 before 05.50.51. An SMM memory corruption vulnerability in FvbServicesRuntimeDxe allows a possible attacker to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Published: Feb 3, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-42554
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.2
AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
insyde / insydeh2o	5.0	5.08.42
insyde / insydeh2o	5.1	5.16.42
insyde / insydeh2o	5.2	5.26.42
insyde / insydeh2o	5.3	5.35.42
insyde / insydeh2o	5.4	5.42.51
insyde / insydeh2o	5.5	5.50.51
siemens / simatic_field_pg_m5_firmware	-	-
siemens / simatic_field_pg_m6_firmware	-	-
siemens / simatic_ipc127e_firmware	-	-
siemens / simatic_ipc227g_firmware	-	-
siemens / simatic_ipc277g_firmware	-	-
siemens / simatic_ipc327g_firmware	-	-
siemens / simatic_ipc377g_firmware	-	-
siemens / simatic_ipc427e_firmware	-	-
siemens / simatic_ipc477e_firmware	-	-
siemens / simatic_ipc627e_firmware	-	-
siemens / simatic_ipc647e_firmware	-	-
siemens / simatic_ipc677e_firmware	-	-
siemens / simatic_ipc847e_firmware	-	-
siemens / simatic_itp1000_firmware	-	-
siemens / ruggedcom_ape1808_firmware	-	-

Vulnerability Database

289,599

CVE-2021-42554