cnvd - cnvd-2022-10034

cnvd-2022-10034

Vulnerability from cnvd

Title: Insyde InsydeH2O内存损坏漏洞

Description:

Insyde InsydeH2O是中国台湾系微（Insyde）公司的一个C语言源，它实现了新技术“EFI/UEFI”规范，旨在取代传统的BIOS（基本输入/输出系统）。

Insyde InsydeH2O存在内存损坏漏洞，该漏洞源于内核中某些SMM驱动程序未正确验证CommBuffer和CommBufferSize参数，从而导致调用程序损坏固件或操作系统内存，攻击者可利用该漏洞通过损坏系统造成拒绝服务。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.insyde.com/security-pledge/SA-2021001

Reference: https://www.insyde.com/security-pledge/SA-2021001

Impacted products

Name
Insyde InsydeH2O 5.*

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-33626",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-33626"
    }
  },
  "description": "Insyde InsydeH2O\u662f\u4e2d\u56fd\u53f0\u6e7e\u7cfb\u5fae\uff08Insyde\uff09\u516c\u53f8\u7684\u4e00\u4e2aC\u8bed\u8a00\u6e90\uff0c\u5b83\u5b9e\u73b0\u4e86\u65b0\u6280\u672f\u201cEFI/UEFI\u201d\u89c4\u8303\uff0c\u65e8\u5728\u53d6\u4ee3\u4f20\u7edf\u7684BIOS\uff08\u57fa\u672c\u8f93\u5165/\u8f93\u51fa\u7cfb\u7edf\uff09\u3002\n\nInsyde InsydeH2O\u5b58\u5728\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u6838\u4e2d\u67d0\u4e9bSMM\u9a71\u52a8\u7a0b\u5e8f\u672a\u6b63\u786e\u9a8c\u8bc1CommBuffer\u548cCommBufferSize\u53c2\u6570\uff0c\u4ece\u800c\u5bfc\u81f4\u8c03\u7528\u7a0b\u5e8f\u635f\u574f\u56fa\u4ef6\u6216\u64cd\u4f5c\u7cfb\u7edf\u5185\u5b58\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u635f\u574f\u7cfb\u7edf\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.insyde.com/security-pledge/SA-2021001",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-10034",
  "openTime": "2022-02-14",
  "products": {
    "product": "Insyde InsydeH2O 5.*"
  },
  "referenceLink": "https://www.insyde.com/security-pledge/SA-2021001",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-08",
  "title": "Insyde InsydeH2O\u5185\u5b58\u635f\u574f\u6f0f\u6d1e"
}

CVE-2021-33626 (GCVE-0-2021-33626)

Vulnerability from cvelistv5

Published

2021-10-01 02:21

Modified

2024-08-03 23:58

Severity ?

CWE

Summary

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

References

▼	URL	Tags
	https://www.insyde.com/security-pledge	x_refsource_MISC
	https://www.insyde.com/security-pledge/SA-2021001	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20220216-0006/	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.523Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2021001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220216-0006/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-22T19:07:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.insyde.com/security-pledge"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.insyde.com/security-pledge/SA-2021001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220216-0006/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33626",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.insyde.com/security-pledge",
              "refsource": "MISC",
              "url": "https://www.insyde.com/security-pledge"
            },
            {
              "name": "https://www.insyde.com/security-pledge/SA-2021001",
              "refsource": "MISC",
              "url": "https://www.insyde.com/security-pledge/SA-2021001"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220216-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220216-0006/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33626",
    "datePublished": "2021-10-01T02:21:29",
    "dateReserved": "2021-05-28T00:00:00",
    "dateUpdated": "2024-08-03T23:58:21.523Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted