Vulnerabilities > CVE-2021-41841 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Insyde Insydeh2O

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

insyde

CWE-829

NVD

Published: 2022-02-03

Updated: 2022-03-29

Summary

An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere.

Vulnerable Configurations

Part	Description	Count
Application	Insyde Insyde Insydeh2O 5.0 Insyde Insydeh2O 05.0A.11 Insyde Insydeh2O 5.1 Insyde Insydeh2O 5.2 Insyde Insydeh2O 5.2.05.27.29 Insyde Insydeh2O 5.2.05.28.22 Insyde Insydeh2O 5.2.05.28.33 Insyde Insydeh2O 5.2.05.28.47 Insyde Insydeh2O 5.3 Insyde Insydeh2O 5.3.05.36.29 Insyde Insydeh2O 5.3.05.37.17 Insyde Insydeh2O 5.3.05.37.22 Insyde Insydeh2O 5.3.05.37.33 Insyde Insydeh2O 5.3.05.37.47 Insyde Insydeh2O 5.4 Insyde Insydeh2O 5.4.05.44.13 Insyde Insydeh2O 5.4.05.45.17 Insyde Insydeh2O 5.4.05.45.22 Insyde Insydeh2O 5.4.05.45.33 Insyde Insydeh2O 5.4.05.45.47 Insyde Insydeh2O 5.5 Insyde Insydeh2O 5.5.05.52.13 Insyde Insydeh2O 5.5.05.53.17 Insyde Insydeh2O 5.5.05.53.22 Insyde Insydeh2O 5.5.05.53.33 Insyde Insydeh2O 5.5.05.53.47 Insyde Insydeh2O 5.6 Insyde Insydeh2O 5.6.05.60.17 Insyde Insydeh2O 5.6.05.60.22 Insyde Insydeh2O 5.6.05.60.33 Insyde Insydeh2O 5.6.05.60.47 Insyde Insydeh2O 5.08.29 Insyde Insydeh2O 5.08.41 Insyde Insydeh2O 5.08.45 Insyde Insydeh2O 05.08.46 Insyde Insydeh2O 5.12.09.0074 Insyde Insydeh2O 5.14.34 Insyde Insydeh2O 05.15.11 Insyde Insydeh2O 5.16.23 Insyde Insydeh2O 5.16.25 Insyde Insydeh2O 5.16.29 Insyde Insydeh2O 5.16.41 Insyde Insydeh2O 5.16.42 Insyde Insydeh2O 5.16.45 Insyde Insydeh2O 05.16.46 Insyde Insydeh2O 05.18.03 Insyde Insydeh2O 5.23.04.0045 Insyde Insydeh2O 5.23.22 Insyde Insydeh2O 5.23.35 Insyde Insydeh2O 5.23.45.0023 Insyde Insydeh2O 5.24.34 Insyde Insydeh2O 05.25.11 Insyde Insydeh2O 5.25.44 Insyde Insydeh2O 5.26.23 Insyde Insydeh2O 5.26.25 Insyde Insydeh2O 5.26.29 Insyde Insydeh2O 5.26.41 Insyde Insydeh2O 5.26.42 Insyde Insydeh2O 5.26.45 Insyde Insydeh2O 05.26.46 Insyde Insydeh2O 05.27.23 Insyde Insydeh2O 05.27.37 Insyde Insydeh2O 05.28.03 Insyde Insydeh2O 05.28.19 Insyde Insydeh2O 5.32.22 Insyde Insydeh2O 5.32.35 Insyde Insydeh2O 5.33.15.0034 Insyde Insydeh2O 5.33.34 Insyde Insydeh2O 5.33.45 Insyde Insydeh2O 5.34.03.0029 Insyde Insydeh2O 05.34.11 Insyde Insydeh2O 5.34.44 Insyde Insydeh2O 5.35.23 Insyde Insydeh2O 5.35.25 Insyde Insydeh2O 5.35.29 Insyde Insydeh2O 5.35.41 Insyde Insydeh2O 5.35.42 Insyde Insydeh2O 05.35.46 Insyde Insydeh2O 05.36.23 Insyde Insydeh2O 05.36.37 Insyde Insydeh2O 05.37.03 Insyde Insydeh2O 05.37.19 Insyde Insydeh2O 5.40.35 Insyde Insydeh2O 5.42.03.0010 Insyde Insydeh2O 05.42.11 Insyde Insydeh2O 5.42.20 Insyde Insydeh2O 05.42.37.0031 Insyde Insydeh2O 5.42.44 Insyde Insydeh2O 05.42.52.0026 Insyde Insydeh2O 05.43.01.0026 Insyde Insydeh2O 05.43.06.0021 Insyde Insydeh2O 05.43.12.0056 Insyde Insydeh2O 5.43.22 Insyde Insydeh2O 5.43.25 Insyde Insydeh2O 5.43.29 Insyde Insydeh2O 5.43.41 Insyde Insydeh2O 5.43.42 Insyde Insydeh2O 5.43.45 Insyde Insydeh2O 05.43.46 Insyde Insydeh2O 05.44.23 Insyde Insydeh2O 05.44.30.0022 Insyde Insydeh2O 05.44.34.0054 Insyde Insydeh2O 05.44.34.0055 Insyde Insydeh2O 05.44.45 Insyde Insydeh2O 05.44.45.0015 Insyde Insydeh2O 05.44.45.0017 Insyde Insydeh2O 05.44.45.0028 Insyde Insydeh2O 05.45.01 Insyde Insydeh2O 05.45.19 Insyde Insydeh2O 05.45.24.0039 Insyde Insydeh2O 05.45.38.0005 Insyde Insydeh2O 5.51.22 Insyde Insydeh2O 05.51.25 Insyde Insydeh2O 5.51.25	114

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References