Buffer Underflow Issue in Firmware from Insyde Software
CVE-2021-38578

7.4 HIGH

Key Information:

Vendor

Tianocore

Status
Vendor
CVE Published:
3 March 2022

What is CVE-2021-38578?

A buffer underflow vulnerability exists in the SmmEntryPoint of Insyde Software's firmware due to inadequate checks in the CommBuffer logic. This flaw arises when the BufferSize is computed, allowing for potential data corruption and unpredictable behavior. It is crucial for users of affected firmware versions to implement the latest patches to safeguard against potential exploitation.
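The class of size-computation flaw described above, as an added example that is not EDK II or Insyde code and not the vendor's patch. The struct layout, field names and function names are hypothetical, and the sample buffer is constructed; the example assumes the payload room is derived by subtracting a fixed header size from a caller-supplied total.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical communicate-buffer layout: fixed header, then payload bytes. */
typedef struct {
    uint8_t  guid[16];
    uint64_t message_length;   /* payload length claimed by the caller */
    uint8_t  data[1];
} comm_header_t;

#define HDR_SIZE offsetof(comm_header_t, data)

/* Flawed pattern: unsigned subtraction with no lower-bound check. */
static size_t payload_room_unchecked(size_t buffer_size) {
    return buffer_size - HDR_SIZE;   /* wraps when buffer_size < HDR_SIZE */
}

/* Hardened pattern: validate the total size before deriving anything from it. */
static bool payload_room_checked(const uint8_t *buf, size_t buffer_size, size_t *payload_len) {
    uint64_t claimed;
    if (buf == NULL || payload_len == NULL || buffer_size < HDR_SIZE)
        return false;
    size_t room = buffer_size - HDR_SIZE;           /* cannot wrap now */
    memcpy(&claimed, buf + offsetof(comm_header_t, message_length), sizeof claimed);
    if (claimed > room)                             /* claimed payload must fit */
        return false;
    *payload_len = (size_t)claimed;
    return true;
}

/* Constructed sample: returns the accepted payload length, or -1 if rejected. */
static long check_sample(size_t buffer_size, uint64_t message_length) {
    uint8_t buf[64] = {0};
    size_t len = 0;
    memcpy(buf + offsetof(comm_header_t, message_length), &message_length, sizeof message_length);
    return payload_room_checked(buf, buffer_size, &len) ? (long)len : -1;
}

int main(void) {
    printf("unchecked room for 8-byte buffer: %zu\n", payload_room_unchecked(8));
    printf("checked, size 8:  %ld\n", check_sample(8, 0));
    printf("checked, size 32: %ld\n", check_sample(32, 8));
    return 0;
}
```
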

Affected Version(s)

EDK II edk2-stable202208

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
