CVE-2021-41840

Name of the Vulnerable Software and Affected Versions InsydeH2O kernel versions 5.0 through 5.5

Description An issue in NvmExpressDxe allows an attacker to access the System Management Mode and execute arbitrary code due to the inclusion of functionality from an untrusted control sphere. This vulnerability exists in the SMM branch, which registers a SWSMI handler that does not sufficiently check or validate the allocated table variable EFI BOOT SERVICES. As a result, an attacker capable of executing code in the DXE phase can exploit this issue to escalate privileges to SMM, potentially overwriting the LocateProtocol or Freepool memory address location to execute unwanted code.

Recommendations For kernel versions 5.0 through 5.5, consider disabling the SMM callout in NvmExpressDxe as a temporary workaround until a patch is available. Restrict access to the SWSMI handler to minimize the risk of exploitation. Avoid using the EFI BOOT SERVICES variable in the affected SMM branch until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.