CVE-2021-39298

3 documents, 3 sources
Severity: 8.8 HIGH
EPSS: 0.1% (top 82.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 16
Latest update: Feb 17

Description

A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages: 192 packages

Vulnerability Details (2)

GHSA (2022-02-17): GHSA-jxf5-m5fg-rw27: Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code
CVEList (2022-02-16): CVE-2021-39298: A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting