7.2

CVE-2021-42059

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.264
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
Third Party Advisory
https://www.insyde.com/security-pledge
Vendor Advisory
https://security.netapp.com/advisory/ntap-20220216-0008/
Third Party Advisory
https://www.insyde.com/security-pledge/SA-2022006
Vendor Advisory
https://www.kb.cert.org/vuls/id/796611