CVE-2021-41841

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O kernel versions 5.0 through 5.5

Description An issue in AhciBusDxe allows an attacker to access the System Management Mode and execute arbitrary code due to the inclusion of functionality from an untrusted control sphere. This is caused by an SMM callout. Additionally, a vulnerability exists in the SMM branch that registers a SWSMI handler, which does not sufficiently check or validate allocated table variables EFI BOOT SERVICES and EFI RUNTIME SERVICES, allowing an attacker to overwrite the address location of the LocateHandleBuffer function to execute arbitrary code.

Recommendations For kernel versions 5.0 through 5.5, consider disabling the SMM callout in AhciBusDxe as a temporary workaround until a patch is available. Restrict access to the SWSMI handler to minimize the risk of exploitation. Avoid using the EFI BOOT SERVICES and EFI RUNTIME SERVICES variables in the affected SMM branch until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.