Vulnerabilities > CVE-2021-33834 - Out-of-bounds Write vulnerability in Insyde H2Offt and Iscflashx64.Sys

CVSS 7.1 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

insyde

CWE-787

NVD

Published: 2023-09-08

Updated: 2023-09-13

Summary

An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.

Vulnerable Configurations

Part	Description	Count
Application	Insyde Insyde Iscflashx64.Sys 3.9.3.0 Insyde H2Offt 6.20.00	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.insyde.com/security-pledge
https://www.insyde.com/security-pledge/SA-2021004