CVE-2021-43615

Name of the Vulnerable Software and Affected Versions Insyde InsydeH2O with kernel versions 5.1 through 05.16.23 Insyde InsydeH2O with kernel versions 5.2 through 05.26.23 Insyde InsydeH2O with kernel versions 5.3 through 05.35.23 Insyde InsydeH2O with kernel versions 5.4 through 05.43.22 Insyde InsydeH2O with kernel versions 5.5 through 05.51.22

Description An SMM memory corruption issue allows an attacker to write fixed or predictable data to SMRAM, potentially leading to escalating privileges to SMM. This could be exploited by an attacker to hijack the execution flow of code running in System Management Mode.

Recommendations For kernel version 5.1 through 05.16.23, update to a version after 05.16.23 to resolve the issue. For kernel version 5.2 through 05.26.23, update to a version after 05.26.23 to resolve the issue. For kernel version 5.3 through 05.35.23, update to a version after 05.35.23 to resolve the issue. For kernel version 5.4 through 05.43.22, update to a version after 05.43.22 to resolve the issue. For kernel version 5.5 through 05.51.22, update to a version after 05.51.22 to resolve the issue.