Vulnerabilities > CVE-2021-38578 - Out-of-bounds Write vulnerability in multiple products

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2022-03-03

Updated: 2024-08-06

Summary

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Part	Description	Count
Application	Tianocore Tianocore Edk2 - Tianocore Edk2 2017-11-07 Tianocore Edk2 2020-10-21 Tianocore Edk2 201808 Tianocore Edk2 201811 Tianocore Edk2 201903 Tianocore Edk2 201905 Tianocore Edk2 201908 Tianocore Edk2 201911 Tianocore Edk2 202002 Tianocore Edk2 202005 Tianocore Edk2 202008 Tianocore Edk2 202011 Tianocore Edk2 202102 Tianocore Edk2 202105 Tianocore Edk2 202108 Tianocore Edk2 202111 Tianocore Edk2 202202	22
OS	Insyde Insyde Kernel 5.0 Insyde Kernel 5.2 Insyde Kernel 5.3 Insyde Kernel 5.4 Insyde Kernel 5.5 Insyde Kernel 5.1	6