CVE-2021-38575Buffer Underflow in EDK II

CWE-124Buffer UnderflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources
Severity
8.1HIGHNVD
EPSS
0.5%
top 32.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Tianocore Edk2Tianocore EDK IIInsyde Kernel
Timeline
PublishedDec 1
Latest updateOct 10

Description

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages4 packages

Debiantianocore/edk2< 2020.11-2+deb11u3+3
NVDtianocore/edk2202105
CVEListV5tianocore/edk_iiunspecifiededk2-stable202105
NVDinsyde/kernel6 versions+5

🔴Vulnerability Details

3
GHSA
GHSA-7cjm-mv56-4mg4: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows2021-12-02
CVEList
CVE-2021-38575: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows2021-12-01
OSV
CVE-2021-38575: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows2021-12-01

📋Vendor Advisories

4
Ubuntu
EDK II vulnerabilities2024-10-10
Ubuntu
EDK II vulnerabilities2021-09-23
Red Hat
edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe2021-06-08
Debian
CVE-2021-38575: edk2 - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.2021
CVE-2021-38575 — Buffer Underflow in Tianocore EDK II | cvebase