CVE-2021-41837 : An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde In

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write fixed or predictable data to SMRAM. Exploiting this issue could lead to escalating privileges to SMM.

Published 2022-02-03 02:15:07

Updated 2022-03-01 19:43:29

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Products affected by CVE-2021-41837

Siemens » Simatic Ipc427e Firmware
cpe:2.3:o:siemens:simatic_ipc427e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc427e » Version: N/A
Siemens » Simatic Ipc477e Firmware
cpe:2.3:o:siemens:simatic_ipc477e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc477e » Version: N/A
Siemens » Simatic Itp1000 Firmware
cpe:2.3:o:siemens:simatic_itp1000_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Itp1000 » Version: N/A
Siemens » Simatic Field Pg M5 Firmware
cpe:2.3:o:siemens:simatic_field_pg_m5_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Field Pg M5 » Version: N/A
Siemens » Simatic Field Pg M6 Firmware
cpe:2.3:o:siemens:simatic_field_pg_m6_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Field Pg M6 » Version: N/A
Siemens » Simatic Ipc127e Firmware
cpe:2.3:o:siemens:simatic_ipc127e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc127e » Version: N/A
Siemens » Simatic Ipc227g Firmware
cpe:2.3:o:siemens:simatic_ipc227g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc227g » Version: N/A
Siemens » Simatic Ipc277g Firmware
cpe:2.3:o:siemens:simatic_ipc277g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc277g » Version: N/A
Siemens » Simatic Ipc327g Firmware
cpe:2.3:o:siemens:simatic_ipc327g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc327g » Version: N/A
Siemens » Simatic Ipc377g Firmware
cpe:2.3:o:siemens:simatic_ipc377g_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc377g » Version: N/A
Siemens » Simatic Ipc627e Firmware
cpe:2.3:o:siemens:simatic_ipc627e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc627e » Version: N/A
Siemens » Simatic Ipc647e Firmware
cpe:2.3:o:siemens:simatic_ipc647e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc647e » Version: N/A
Siemens » Simatic Ipc677e Firmware
cpe:2.3:o:siemens:simatic_ipc677e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc677e » Version: N/A
Siemens » Simatic Ipc847e Firmware
cpe:2.3:o:siemens:simatic_ipc847e_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Siemens » Simatic Ipc847e » Version: N/A
Insyde » Insydeh2o
Versions from including (>=) 5.1 and before (<) 5.16.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions
Insyde » Insydeh2o
Versions from including (>=) 5.3 and before (<) 5.35.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions
Insyde » Insydeh2o
Versions from including (>=) 5.4 and before (<) 5.43.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions
Insyde » Insydeh2o
Versions from including (>=) 5.0 and before (<) 5.08.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions
Insyde » Insydeh2o
Versions from including (>=) 5.2 and before (<) 5.26.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions
Insyde » Insydeh2o
Versions from including (>=) 5.5 and before (<) 5.51.41
cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-41837

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 18 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-41837

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.2	HIGH	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	1.5	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-41837

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-41837

https://www.insyde.com/security-pledge/SA-2022024

Insyde Security Advisory 2022024 | Insyde Software
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Third Party Advisory

CVEs referencing this url
https://www.insyde.com/security-pledge

Insyde's Security Pledge | Insyde Software
Vendor Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20220222-0003/

CVE-2021-41837 InsydeH20 Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-41837

Products affected by CVE-2021-41837

Exploit prediction scoring system (EPSS) score for CVE-2021-41837

CVSS scores for CVE-2021-41837

CWE ids for CVE-2021-41837

References for CVE-2021-41837