PT-2022-11495 · Insyde · InsydeH2O
Published 2022-02-03 · Updated 2023-08-08 · CVE-2021-41839
CVSS v3.1: 8.2 (High)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Insyde InsydeH2O kernel versions 5.0 through 5.5
Description
An issue was discovered in NvmExpressDxe due to an Untrusted Pointer Dereference, causing SMM memory corruption. This allows an attacker to write fixed or predictable data to SMRAM, potentially leading to privilege escalation to SMM. The vulnerability exists in the SMM branch, where a SWSMI handler does not sufficiently check or validate the allocated EFI_BOOT_SERVICES table variable, enabling an attacker to overwrite the addresses of functions such as FreePool, LocateHandleBuffer, and HandleProtocol with arbitrary code. On a system call to the SWSMI handler, this arbitrary code can then be triggered to execute.

Recommendations
For kernel versions 5.0 through 5.5, consider disabling the SWSMI handler or restricting access to the NvmExpressDxe module to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the EFI_BOOT_SERVICES table variable in the affected SMM branch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow
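The untrusted-pointer pattern from the description above, beside the range check that closes it, as an added illustration in C. This is not Insyde's code and is not taken from the advisory: a union stands in for SMRAM, three function pointers stand in for the EFI_BOOT_SERVICES fields the advisory names, and the SWSMI handler is reduced to a single dispatch. The names `buffer_in_smram`, `swsmi_handler_vulnerable`, `swsmi_handler_hardened` and the marker return values are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Three function pointers stand in for the EFI_BOOT_SERVICES fields named in
 * the advisory. Real tables carry many more entries; this is a model only. */
typedef int (*ServiceFn)(void);

typedef struct {
    ServiceFn FreePool;
    ServiceFn LocateHandleBuffer;
    ServiceFn HandleProtocol;
} ServicesTable;

/* Constructed "SMRAM": the only memory an SMI handler may trust. The union
 * keeps the embedded table correctly aligned. */
static union {
    uint8_t       raw[256];
    ServicesTable smst;   /* model of the SMM-resident services table */
} g_smram;

#define SMRAM_BASE ((uintptr_t)&g_smram)
#define SMRAM_SIZE (sizeof g_smram)

/* Constructed memory outside SMRAM, i.e. memory the OS can write to. */
static ServicesTable g_os_table;

/* SMM-resident implementations; the return values are just markers. */
static int smm_free_pool(void)            { return 0x10; }
static int smm_locate_handle_buffer(void) { return 0x20; }
static int smm_handle_protocol(void)      { return 0x30; }

/* Whatever a rewritten entry outside SMRAM might point at: not firmware. */
static int not_a_firmware_service(void)   { return -1; }

/* Fill both tables: the SMRAM copy is what firmware set up before SMM lock;
 * the outside copy models a table whose entries no longer point at firmware. */
static void init_tables(void) {
    g_smram.smst.FreePool           = smm_free_pool;
    g_smram.smst.LocateHandleBuffer = smm_locate_handle_buffer;
    g_smram.smst.HandleProtocol     = smm_handle_protocol;

    g_os_table.FreePool           = not_a_firmware_service;
    g_os_table.LocateHandleBuffer = not_a_firmware_service;
    g_os_table.HandleProtocol     = not_a_firmware_service;
}

static ServicesTable *table_in_smram(void)      { return &g_smram.smst; }
static ServicesTable *table_outside_smram(void) { return &g_os_table; }

/* Range check: true only if [ptr, ptr + len) lies entirely inside SMRAM.
 * The len bound is tested first so the subtraction below cannot wrap. */
static bool buffer_in_smram(const void *ptr, size_t len) {
    uintptr_t p = (uintptr_t)ptr;
    if (len > SMRAM_SIZE) return false;
    return p >= SMRAM_BASE && p <= SMRAM_BASE + SMRAM_SIZE - len;
}

/* VULNERABLE pattern (the advisory's description): the handler dispatches
 * through a services table it never validated. If that table lives outside
 * SMRAM, the call goes wherever the table's entries now point. */
static int swsmi_handler_vulnerable(ServicesTable *bs) {
    return bs->FreePool();   /* untrusted pointer dereference */
}

/* HARDENED pattern: refuse any table that is not wholly inside SMRAM before
 * touching it. In real SMM code the stronger rule is to never reference
 * EFI_BOOT_SERVICES from an SMI handler at all and use only SMM services. */
static int swsmi_handler_hardened(ServicesTable *bs) {
    if (!buffer_in_smram(bs, sizeof *bs)) {
        return -2;           /* rejected: table is outside SMRAM */
    }
    return bs->FreePool();
}

int main(void) {
    init_tables();
    printf("vulnerable, table in SMRAM:      %d\n", swsmi_handler_vulnerable(table_in_smram()));
    printf("vulnerable, table outside SMRAM: %d\n", swsmi_handler_vulnerable(table_outside_smram()));
    printf("hardened,   table in SMRAM:      %d\n", swsmi_handler_hardened(table_in_smram()));
    printf("hardened,   table outside SMRAM: %d\n", swsmi_handler_hardened(table_outside_smram()));
    return 0;
}
```

The vulnerable handler returns whatever code the outside table points at, while the hardened one returns the rejection marker without ever dereferencing it. The range check is the minimum; the recommendation in the advisory (do not use the EFI_BOOT_SERVICES table variable in the SMM branch at all) removes the dependency on OS-writable memory entirely, which is what a fixed handler should do.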
Weakness Enumeration
Related Identifiers
Affected Products
InsydeH2O