CVE-2021-38575
edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
NetworkPkg/IScsiDxe presenta unos desbordamientos de bĂșfer explotables de forma remota
A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and potentially execute code. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-08-11 CVE Reserved
- 2021-09-21 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-124: Buffer Underwrite ('Buffer Underflow')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://www.insyde.com/security-pledge/SA-2023025 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.tianocore.org/show_bug.cgi?id=3356 | 2024-08-04 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2021-38575 | 2021-08-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1956284 | 2021-08-31 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tianocore Search vendor "Tianocore" | Edk2 Search vendor "Tianocore" for product "Edk2" | <= 202105 Search vendor "Tianocore" for product "Edk2" and version " <= 202105" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.0 Search vendor "Insyde" for product "Kernel" and version "5.0" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.1 Search vendor "Insyde" for product "Kernel" and version "5.1" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.2 Search vendor "Insyde" for product "Kernel" and version "5.2" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.3 Search vendor "Insyde" for product "Kernel" and version "5.3" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.4 Search vendor "Insyde" for product "Kernel" and version "5.4" | - |
Affected
| ||||||
| Insyde Search vendor "Insyde" | Kernel Search vendor "Insyde" for product "Kernel" | 5.5 Search vendor "Insyde" for product "Kernel" and version "5.5" | - |
Affected
| ||||||