Login Sign Up

CVE-2021-42060

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to hijack execution flow in System Management Mode (SMM) through an Int15ServiceSmm callout. Exploitation could lead to privilege escalation to SMM, giving attackers high-level system control. Affected systems include devices with InsydeH2O UEFI firmware in specified kernel versions.

💻 Affected Systems

Products:
  • InsydeH2O UEFI firmware
Versions: Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41, Kernel 5.2 before 05.23.22, Kernel 5.3 before 05.32.22
Operating Systems: Any OS running on affected firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Affects various OEM devices using InsydeH2O firmware; check with device manufacturer for specific models.

📦 What is this software?

Insydeh2o by Insyde

View all CVEs affecting Insydeh2o →

Insydeh2o by Insyde

View all CVEs affecting Insydeh2o →

Insydeh2o by Insyde

View all CVEs affecting Insydeh2o →

Insydeh2o by Insyde

View all CVEs affecting Insydeh2o →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with SMM-level privileges, allowing persistent malware installation, firmware modification, and bypassing of all OS-level security controls.

🟠

Likely Case

Privilege escalation from user/admin to SMM level, enabling firmware persistence, data theft, and system manipulation.

🟢

If Mitigated

Limited impact if SMM protections are enforced and firmware integrity is maintained, though risk remains elevated.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires local access and SMM knowledge; no public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel 5.2 05.23.22+, Kernel 5.3 05.32.22+, and updated versions for older kernels

Vendor Advisory: https://www.insyde.com/security-pledge/SA-2022007

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware update. 2. Download appropriate firmware update. 3. Apply update following manufacturer instructions. 4. Reboot system.

🔧 Temporary Workarounds

Restrict physical access

all

Limit physical access to vulnerable systems to reduce attack surface.

Enable secure boot

all

Ensure secure boot is enabled to verify firmware integrity.

🧯 If You Can't Patch

  • Isolate affected systems on network segments with strict access controls.
  • Implement endpoint detection and response (EDR) to monitor for suspicious SMM activity.

🔍 How to Verify

Check if Vulnerable:

Check firmware version in UEFI/BIOS settings or using manufacturer-specific tools.

Check Version:

Manufacturer-specific; typically accessed via UEFI/BIOS setup or system information tools.

Verify Fix Applied:

Verify firmware version after update matches patched versions listed in advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected SMM callouts
  • Firmware modification attempts
  • Privilege escalation patterns

Network Indicators:

  • Unusual outbound connections from firmware level

SIEM Query:

Search for firmware-related alerts or SMM access patterns in security logs.

📊 Metadata

CVE ID: CVE-2021-42060
CVSS v3 Score: 8.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Published: February 3, 2022
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON