PT-2022-10274 · Insyde · InsydeH2O Kernel

Published: 2022-02-03
Updated: 2024-07-22
CVE-2021-33627
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Insyde InsydeH2O Kernel versions 5.0 through 5.0 before 05.09.11
Insyde InsydeH2O Kernel versions 5.1 through 5.1 before 05.17.11
Insyde InsydeH2O Kernel versions 5.2 through 5.2 before 05.27.11
Insyde InsydeH2O Kernel versions 5.3 through 5.3 before 05.36.11
Insyde InsydeH2O Kernel versions 5.4 through 5.4 before 05.44.11
Insyde InsydeH2O Kernel versions 5.5 through 5.5 before 05.52.11

Description

An issue was discovered in Insyde InsydeH2O Kernel affecting FwBlockServiceSmm. Software SMI services that use the Communicate() function of the EFI_SMM_COMMUNICATION_PROTOCOL do not check whether the address of the buffer is valid, which allows use of SMRAM, MMIO, or OS kernel addresses. This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Recommendations

For Insyde InsydeH2O Kernel version 5.0 before 05.09.11, update to version 05.09.11 or later.
For Insyde InsydeH2O Kernel version 5.1 before 05.17.11, update to version 05.17.11 or later.
For Insyde InsydeH2O Kernel version 5.2 before 05.27.11, update to version 05.27.11 or later.
For Insyde InsydeH2O Kernel version 5.3 before 05.36.11, update to version 05.36.11 or later.
For Insyde InsydeH2O Kernel version 5.4 before 05.44.11, update to version 05.44.11 or later.
For Insyde InsydeH2O Kernel version 5.5 before 05.52.11, update to version 05.52.11 or later.
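
The missing check named in the Description, sketched as an added example (not Insyde's code and not taken from the fixed firmware): an SMI handler should reject a communication buffer that wraps the address space or overlaps protected memory before touching it. The type and function names and the address ranges are hypothetical and constructed for illustration; the sketch covers only the overlap test against a list of protected regions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical descriptor for one protected region (SMRAM or MMIO). */
typedef struct {
    uint64_t base;
    uint64_t size;
} protected_range_t;

/* Constructed sample map; real firmware obtains these from the platform. */
static const protected_range_t k_protected[] = {
    { 0x7F000000ULL, 0x00800000ULL },  /* constructed SMRAM window */
    { 0xFED00000ULL, 0x00100000ULL },  /* constructed MMIO window */
};

/* Returns true only if [addr, addr+len) is non-empty, does not wrap,
 * and overlaps none of the protected ranges. */
bool comm_buffer_is_valid(uint64_t addr, uint64_t len,
                          const protected_range_t *ranges, size_t count)
{
    if (addr == 0 || len == 0)
        return false;
    if (len - 1 > UINT64_MAX - addr)   /* addr + len - 1 would overflow */
        return false;
    uint64_t last = addr + (len - 1);
    for (size_t i = 0; i < count; i++) {
        if (ranges[i].size == 0)
            continue;
        uint64_t r_last = ranges[i].base + (ranges[i].size - 1);
        if (addr <= r_last && last >= ranges[i].base)
            return false;              /* overlap with a protected region */
    }
    return true;
}

/* Model of an SMI handler entry: validate before any read or write. */
int handle_comm_request(uint64_t comm_buffer, uint64_t comm_size)
{
    if (!comm_buffer_is_valid(comm_buffer, comm_size, k_protected,
                              sizeof k_protected / sizeof k_protected[0]))
        return -1;                     /* reject: buffer touches protected memory */
    /* ... the handler would process the caller-supplied buffer here ... */
    return 0;
}
```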

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2021-33627

Affected Products: InsydeH2O Kernel