{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EDK II", "vendor": "TianoCore", "versions": [{"status": "affected", "version": "edk2-stable202208"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.</p>"}], "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-124", "description": "A case of CWE-124 is occurring in PiSmmCore.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2024-08-06T00:55:57.322Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"}, {"url": "https://www.insyde.com/security-pledge/SA-2023024"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"}, {"url": "https://www.insyde.com/security-pledge/SA-2023024", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:26:15.934Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:13:33.412696Z", "id": "CVE-2021-38578", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T18:59:05.792Z"}}]}, "cveMetadata": {"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2021-38578", "datePublished": "2022-03-03T21:53:37.000Z", "dateReserved": "2021-08-11T00:00:00.000Z", "dateUpdated": "2025-11-03T19:26:15.934Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.insyde.com/security-pledge/SA-2023024", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:26:15.934Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-38578", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-23T13:13:33.412696Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:13:35.320Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TianoCore", "product": "EDK II", "versions": [{"status": "affected", "version": "edk2-stable202208"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387", "tags": ["x_refsource_MISC"]}, {"url": "https://www.insyde.com/security-pledge/SA-2023024"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.", "supportingMedia": [{"type": "text/html", "value": "<p>Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-124", "description": "A case of CWE-124 is occurring in PiSmmCore."}]}], "providerMetadata": {"orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore", "dateUpdated": "2024-08-06T00:55:57.322Z"}}}, "cveMetadata": {"cveId": "CVE-2021-38578", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:26:15.934Z", "dateReserved": "2021-08-11T00:00:00.000Z", "assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "datePublished": "2022-03-03T21:53:37.000Z", "assignerShortName": "TianoCore"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2B1E98B-2D63-42E3-B6F8-139CC32BA4B0", "versionEndIncluding": "202202", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FFCC4619-B867-4E23-AF05-FF92B43628AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FB40061A-BEDF-4D72-BF2D-D1B10EB80A60", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*", "matchCriteriaId": "D21132C0-F2CF-4134-A165-926155031913", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*", "matchCriteriaId": "6549F7F1-A438-4C84-9D66-C89C697E2A9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE339FA1-8572-4365-B420-530D62686C08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."}, {"lang": "es", "value": "Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize"}], "id": "CVE-2021-38578", "lastModified": "2025-11-03T20:15:49.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-03T22:15:08.423", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"}, {"source": "infosec@edk2.groups.io", "tags": ["Third Party Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=3387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.insyde.com/security-pledge/SA-2023024"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-124"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2165", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "edk2-0:20221207gitfff6d81270b5-9.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "edk2: integer underflow in SmmEntryPoint function leads to potential SMM privilege escalation", "id": "1960321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1960321"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L", "status": "verified"}, "cwe": "(CWE-124|CWE-787)", "details": ["Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.", "A flaw was found in edk2. A integer underflow in the SmmEntryPoint function leads to a write into the SMM region allowing a local attacker with administration privileges on the system to execute code within the SMM privileged context. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-38578", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-38578\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38578"], "threat_severity": "Moderate"}