CVE-2021-38578

Summary

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Affected Software

VendorProductVersion RangeStatus
TianoCoreEDK IIedk2-stable202208affected

Weaknesses

  • CWE-124: A case of CWE-124 is occurring in PiSmmCore.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References