CVE-2021-38578
Published 2022-03-03
CVE-2021-38578: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Critical 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2022.11-1 (bookworm) | edk2 2022.11-1 (bookworm) |
| insyde | kernel | — | — |
| insyde | kernel | — | — |
| insyde | kernel | — | — |
| insyde | kernel | — | — |
| insyde | kernel | — | — |
| insyde | kernel | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| tianocore | edk2 | <= 202202 | — |
| tianocore | edk2 | >= 0 < 2020.11-2+deb11u3 | 2020.11-2+deb11u3 |
| tianocore | edk2 | >= 0 < 2022.11-1 | 2022.11-1 |
| tianocore | edk2 | >= 0 < 2022.11-1 | 2022.11-1 |
| tianocore | edk2 | >= 0 < 2022.11-1 | 2022.11-1 |
| tianocore | edk2 | >= 0 < 0~20191122.bd85bf54-2ubuntu3.6 | 0~20191122.bd85bf54-2ubuntu3.6 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.3 | 2022.02-3ubuntu0.22.04.3 |
| tianocore | edk2 | >= 0 < 0~20160408.ffea0a2c-2ubuntu0.2+esm3 | 0~20160408.ffea0a2c-2ubuntu0.2+esm3 |
| tianocore | edk2 | >= 0 < 0~20180205.c0d9813c-2ubuntu0.3+esm2 | 0~20180205.c0d9813c-2ubuntu0.3+esm2 |
| tianocore | edk_ii | — | — |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL