cvedb.io
CVE-2021-33626
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2021-10-01T03:15:06.593 · Last modified 2026-06-17T03:54:53.523

Summary

A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). This can be used by an attacker to corrupt data in SMRAM memory and even lead to arbitrary code execution.

Affected products

insyde — insydeh2o

Does this affect you?

Add your gear to cvedb and we'll alert you only when insyde ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.