Vulnerabilities > CVE-2021-42060 - Unspecified vulnerability in Insyde Insydeh2O

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

insyde

NVD

Published: 2022-02-03

Updated: 2022-03-29

Summary

An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, and Kernel 5.3 before 05.32.22. An Int15ServiceSmm SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM.

Vulnerable Configurations

Part	Description	Count
Application	Insyde Insyde Insydeh2O 5.2 Insyde Insydeh2O 5.3 Insyde Insydeh2O 5.4 Insyde Insydeh2O 5.5 Insyde Insydeh2O 5.08.29 Insyde Insydeh2O 5.08.41 Insyde Insydeh2O 5.08.45 Insyde Insydeh2O 05.08.46 Insyde Insydeh2O 5.12.09.0074 Insyde Insydeh2O 5.14.34 Insyde Insydeh2O 05.15.11 Insyde Insydeh2O 5.16.23 Insyde Insydeh2O 5.16.25 Insyde Insydeh2O 5.16.29 Insyde Insydeh2O 5.16.41 Insyde Insydeh2O 5.16.42 Insyde Insydeh2O 5.16.45 Insyde Insydeh2O 05.16.46 Insyde Insydeh2O 5.23.04.0045 Insyde Insydeh2O 5.23.22 Insyde Insydeh2O 5.23.35 Insyde Insydeh2O 5.23.45.0023 Insyde Insydeh2O 5.24.34 Insyde Insydeh2O 05.25.11 Insyde Insydeh2O 5.25.44 Insyde Insydeh2O 5.26.23 Insyde Insydeh2O 5.26.25 Insyde Insydeh2O 5.26.29 Insyde Insydeh2O 5.26.41 Insyde Insydeh2O 5.26.42 Insyde Insydeh2O 5.26.45 Insyde Insydeh2O 05.26.46 Insyde Insydeh2O 5.32.22 Insyde Insydeh2O 5.1 Insyde Insydeh2O 5.0	35

Summary

Vulnerable Configurations

References