Vulnerability CVE-2021-38578: Information

Description

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-38578
Published: March 4, 2022
Modified: Aug. 2, 2023
Error type identifier: CWE-787

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
edk2sisyphus20140722svn2674-alt120231115-alt1ALT-PU-2014-2246-1131596Fixed
edk2p1020221117-alt120221117-alt1ALT-PU-2022-3389-1307814Fixed
edk2p920140722svn2674-alt120201127-alt2ALT-PU-2014-2246-1131596Fixed
edk2c10f120221117-alt120221117-alt1ALT-PU-2022-3389-1307814Fixed
edk2c9f220140722svn2674-alt120200229-alt1ALT-PU-2014-2246-1131596Fixed
edk2p1120140722svn2674-alt120231115-alt1ALT-PU-2014-2246-1131596Fixed
edk2-aarch64sisyphus20221117-alt120231115-alt2ALT-PU-2022-3250-1310911Fixed
edk2-aarch64p1120221117-alt120231115-alt2ALT-PU-2022-3250-1310911Fixed
edk2-toolssisyphus20221117-alt120231115-alt1ALT-PU-2022-3248-1310911Fixed
edk2-toolsp1020221117-alt120221117-alt1ALT-PU-2022-3388-1307814Fixed
edk2-toolsc10f120221117-alt120221117-alt1ALT-PU-2022-3388-1307814Fixed
edk2-toolsp1120221117-alt120231115-alt1ALT-PU-2022-3248-1310911Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://bugzilla.tianocore.org/show_bug.cgi?id=3387
  • Issue Tracking
  • Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023024
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*
      End including
      202202

      Configuration 2

      cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*
      cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*
      cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*
      cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*
      cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*
      cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top