3 matches found
CVE-2021-45969
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...
Siemens InsydeH2O Out-of-bounds Write (CVE-2021-45969)
An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM System Management Mode branch that registers a SWSMI handler that does not...
CVE-2021-45969
CVE-2021-45969 describes a vulnerability in the InsydeH2O firmware’s SMM path (AhciBusDxe) where the SWSMI handler registers a buffer pointer without proper validation, specifically the CommBuffer+8 location. This allows an attacker with local access to trigger memory corruption in System Managem...