CVE-2021-33625
Description
An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI services that use the Communicate() function of the EFISMMCOMMUNICATIONPROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.063
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2021-33625) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234