INSYDE-SA-2022018

Product

CVSS Score

Original Date

Last Revised

InsydeH2O

7.5

2022-02-01

Summary

A vulnerability exists in an SMM (System Management Mode) branch that registers a SWSMI handler which does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. An attacker who is capable of executing code in the DXE phase can exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or FreePool memory address location to execute unwanted code.
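The kind of validation the summary describes as missing, as an added example that is not Insyde's code or its fix: a simulated gate a SWSMI handler could run before calling through a services table. The SMRAM window, the type names and the function names are constructed for illustration, and addresses are modelled as plain integers so the check runs outside firmware.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simulation only: addresses are plain integers, the SMRAM window is constructed. */
typedef struct { uint64_t base, size; } range_t;
/* Stand-in for the two EFI_BOOT_SERVICES members named in the advisory. */
typedef struct { uint64_t locate_protocol, free_pool; } svc_table_t;
typedef enum { CALL_OK, TABLE_OUTSIDE_SMRAM, TARGET_OUTSIDE_SMRAM } verdict_t;

static const range_t SMRAM = { 0x7F000000u, 0x00800000u }; /* constructed values */

/* True only if [addr, addr+len) lies wholly inside r; written so that
 * addr + len is never computed and therefore cannot wrap around. */
bool inside(const range_t *r, uint64_t addr, uint64_t len)
{
    return len != 0 && len <= r->size &&
           addr >= r->base && addr - r->base <= r->size - len;
}

/* Hypothetical gate run before any indirect call from the handler.
 * The table itself and both code pointers must be SMRAM-resident:
 * memory outside SMRAM can be rewritten by code that is not in SMM. */
verdict_t check_table(uint64_t table_addr, const svc_table_t *t)
{
    if (!inside(&SMRAM, table_addr, sizeof *t))
        return TABLE_OUTSIDE_SMRAM;
    if (!inside(&SMRAM, t->locate_protocol, 1) ||
        !inside(&SMRAM, t->free_pool, 1))
        return TARGET_OUTSIDE_SMRAM;
    return CALL_OK;
}

int main(void)
{
    /* Constructed samples: an SMRAM-resident table, then one whose
     * free_pool entry points outside the window. */
    svc_table_t good = { 0x7F100000u, 0x7F100400u };
    svc_table_t redirected = { 0x7F100000u, 0x10002000u };
    if (check_table(0x7F200000u, &good) != CALL_OK) return 1;
    if (check_table(0x7F200000u, &redirected) != TARGET_OUTSIDE_SMRAM) return 1;
    return 0;
}
```

A handler using a gate like this refuses the call on any verdict other than `CALL_OK`, including a table that straddles the end of the SMRAM window.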

Vulnerability Details

CVSS Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2021-41480

This corresponds to CVE-2021-41840. It affects the driver SdHostDriver. This issue was discovered internally during an Insyde code review but was not entered as a security incident until September 17, 2021. It was independently reported by Binarly (BRLY-2021-019) in September 2021.

Solution Information

The code that fixed the issue can be found in the following Insyde kernel versions, starting on August 28, 2020.

Kernel 5.0: not present.
Kernel 5.1: not present.
Kernel 5.2: 05.23.35
Kernel 5.3: 05.32.35
Kernel 5.4: 05.40.35
Kernel 5.5: not present.

Acknowledgements

Insyde Software would like to thank Binarly for reporting this issue.

Revision History

| Revision # | Date | Description |
|---|---|---|
| 1 | 2022-02-01 | Initial Release |