Vulnerability CVE-2021-38578: Information
Description
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
edk2 | sisyphus | 20140722svn2674-alt1 | 20231115-alt1 | ALT-PU-2014-2246-1 | 131596 | Fixed |
edk2 | p10 | 20221117-alt1 | 20221117-alt1 | ALT-PU-2022-3389-1 | 307814 | Fixed |
edk2 | p9 | 20140722svn2674-alt1 | 20201127-alt2 | ALT-PU-2014-2246-1 | 131596 | Fixed |
edk2 | c10f1 | 20221117-alt1 | 20221117-alt1 | ALT-PU-2022-3389-1 | 307814 | Fixed |
edk2 | c9f2 | 20140722svn2674-alt1 | 20200229-alt1 | ALT-PU-2014-2246-1 | 131596 | Fixed |
edk2 | p11 | 20140722svn2674-alt1 | 20231115-alt1 | ALT-PU-2014-2246-1 | 131596 | Fixed |
edk2-aarch64 | sisyphus | 20221117-alt1 | 20231115-alt2 | ALT-PU-2022-3250-1 | 310911 | Fixed |
edk2-aarch64 | p11 | 20221117-alt1 | 20231115-alt2 | ALT-PU-2022-3250-1 | 310911 | Fixed |
edk2-tools | sisyphus | 20221117-alt1 | 20231115-alt1 | ALT-PU-2022-3248-1 | 310911 | Fixed |
edk2-tools | p10 | 20221117-alt1 | 20221117-alt1 | ALT-PU-2022-3388-1 | 307814 | Fixed |
edk2-tools | c10f1 | 20221117-alt1 | 20221117-alt1 | ALT-PU-2022-3388-1 | 307814 | Fixed |
edk2-tools | p11 | 20221117-alt1 | 20231115-alt1 | ALT-PU-2022-3248-1 | 310911 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.tianocore.org/show_bug.cgi?id=3387 |
|
https://www.insyde.com/security-pledge/SA-2023024 |
|