4 matches found
Siemens InsydeH2O Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2021-41839)
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges...
CVE-2021-41839
creationtimestamp| type| source ---|---|--- 2022-02-03 07:29:39+00:00| seen| https://t.me/cibsecurity/36742...
CVE-2021-41839
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges...
CVE-2021-41839
CVE-2021-41839 affects the InsydeH2O/ NvmExpressDxe driver in kernel versions 5.0–5.5. The root cause is an Untrusted Pointer Dereference that can corrupt SMM memory (SMRAM), enabling a local attacker to escalate privileges to System Management Mode. Public records describe the issue as a SMM mem...