Lucene search

[email protected]CVE-2021-39298

HistoryFeb 16, 2022 - 5:15 p.m.

CVE-2021-39298

2022-02-1617:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

amd

system management mode

smm

vulnerability

arbitrary code execution

uefi firmware

security bypass

cve-2021-39298

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.9%

JSON

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

CPENameOperatorVersion
hp:z1_entry_tower_g5_workstation_firmwarehp z1 entry tower g5 workstation firmwarelt02.12.00
hp:z1_entry_tower_g6_workstation_firmwarehp z1 entry tower g6 workstation firmwarelt02.10.00
hp:z1_g8_tower_desktop_pc_firmwarehp z1 g8 tower desktop pc firmwarelt02.07.00
hp:z4_g4_workstation_\(core-x\)_firmwarehp z4 g4 workstation \(core-x\) firmwarelt02.75
hp:z4_g4_workstation_\(xeon_w\)_firmwarehp z4 g4 workstation \(xeon w\) firmwarelt02.75
hp:z6_g4_workstation_firmwarehp z6 g4 workstation firmwarelt02.75
hp:z8_g4_workstation_firmwarehp z8 g4 workstation firmwarelt02.75
hp:engage_flex_mini_retail_system_firmwarehp engage flex mini retail system firmwarelt02.10.00
hp:mp9_g4_retail_system_firmwarehp mp9 g4 retail system firmwarelt02.18.00
hp:elite_dragonfly_firmwarehp elite dragonfly firmwarelt01.12.00

CPE	Name	Operator	Version
hp:z1_entry_tower_g5_workstation_firmware	hp z1 entry tower g5 workstation firmware	lt	02.12.00
hp:z1_entry_tower_g6_workstation_firmware	hp z1 entry tower g6 workstation firmware	lt	02.10.00
hp:z1_g8_tower_desktop_pc_firmware	hp z1 g8 tower desktop pc firmware	lt	02.07.00
hp:z4_g4_workstation_\(core-x\)_firmware	hp z4 g4 workstation \(core-x\) firmware	lt	02.75
hp:z4_g4_workstation_\(xeon_w\)_firmware	hp z4 g4 workstation \(xeon w\) firmware	lt	02.75
hp:z6_g4_workstation_firmware	hp z6 g4 workstation firmware	lt	02.75
hp:z8_g4_workstation_firmware	hp z8 g4 workstation firmware	lt	02.75
hp:engage_flex_mini_retail_system_firmware	hp engage flex mini retail system firmware	lt	02.10.00
hp:mp9_g4_retail_system_firmware	hp mp9 g4 retail system firmware	lt	02.18.00
hp:elite_dragonfly_firmware	hp elite dragonfly firmware	lt	01.12.00

Rows per page:

1-10 of 1871

References

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027

www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

11.9%

JSON

Related for CVE-2021-39298

prion1 hp2 nvidia1 amd2