INSYDE-SA-2022018
Product: InsydeH2O
CVSS Score: 7.5
Original Date: 2022-02-01
Last Revised:
Summary
A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI_BOOT_SERVICES. This allows an attacker who is capable of executing code in the DXE phase to exploit this vulnerability to escalate privileges to SMM. The attacker can overwrite the LocateProtocol or FreePool memory address location to execute unwanted code.
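The kind of validation the summary describes as missing, sketched as an added example (not Insyde's code and not its fix): a range check that lets an SMI handler dispatch through a function-pointer table only when the table and its call targets lie inside SMRAM. The single contiguous SMRAM range, the struct and function names, and every address below are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model (assumption): SMRAM is one contiguous physical range. */
typedef struct { uint64_t base, size; } smram_range;

/* Hypothetical snapshot of a service table: where it lives and where its
 * two entries point. Field names mirror the services named in the advisory. */
typedef struct {
    uint64_t table_addr, table_size;
    uint64_t locate_protocol, free_pool;
} table_snapshot;

/* True only if [addr, addr+len) lies wholly inside SMRAM. addr+len is never
 * computed, so a huge addr or len cannot wrap around and pass the check. */
static bool in_smram(const smram_range *r, uint64_t addr, uint64_t len)
{
    if (len == 0 || addr < r->base) return false;
    uint64_t off = addr - r->base;
    return off < r->size && len <= r->size - off;
}

/* An SMI handler may dispatch through the table only when the table and both
 * call targets are in SMRAM; memory outside it is writable by non-SMM code. */
static bool table_is_smm_safe(const smram_range *r, const table_snapshot *t)
{
    return in_smram(r, t->table_addr, t->table_size)
        && in_smram(r, t->locate_protocol, 1)
        && in_smram(r, t->free_pool, 1);
}

/* Constructed sample values, not taken from any real platform. */
static const smram_range SMRAM = { 0x7F000000u, 0x00800000u };
static const table_snapshot BOOT_SERVICES_TABLE = { 0x6E5A1000u, 0x178, 0x6E4C2000u, 0x6E4C3000u };
static const table_snapshot REDIRECTED_ENTRY    = { 0x7F010000u, 0x178, 0x7F020000u, 0x6E4C3000u };
static const table_snapshot SMM_TABLE           = { 0x7F010000u, 0x178, 0x7F020000u, 0x7F020400u };
static const table_snapshot STRADDLING          = { 0x7F7FFF00u, 0x178, 0x7F020000u, 0x7F020400u };

int main(void)
{
    /* Exit status 0 when only the table fully inside SMRAM is accepted. */
    return (table_is_smm_safe(&SMRAM, &SMM_TABLE)
         && !table_is_smm_safe(&SMRAM, &BOOT_SERVICES_TABLE)
         && !table_is_smm_safe(&SMRAM, &REDIRECTED_ENTRY)
         && !table_is_smm_safe(&SMRAM, &STRADDLING)) ? 0 : 1;
}
```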
Vulnerability Details
CVSS Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
This corresponds to CVE-2021-41840. It affects the driver SdHostDriver. This issue was discovered internally during an Insyde code review but was not entered as a security incident until September 17, 2021. It was independently reported by Binarly (BRLY-2021-019) in September 2021.
Solution Information
The code that fixed the issue can be found in the following Insyde kernel versions, starting on August 28, 2020.
Kernel 5.0: not present
Kernel 5.1: not present
Kernel 5.2: 05.23.35
Kernel 5.3: 05.32.35
Kernel 5.4: 05.40.35
Kernel 5.5: not present
Acknowledgements
Insyde Software would like to thank Binarly for reporting this issue.
Revision History
Revision #: 1
Date: 2022-02-01
Description: Initial Release