CVE-2021-42059

medium

Description

An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. A stack-based buffer overflow leads toarbitrary code execution in UEFI DisplayTypeDxe DXE driver.

References

https://www.insyde.com/security-pledge/SA-2022006

https://www.insyde.com/security-pledge

https://security.netapp.com/advisory/ntap-20220216-0008/

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf

Details

Source: Mitre, NVD

Published: 2022-02-03

Updated: 2022-04-18

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: Medium