Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
CVE-2021-38578
See a problem?
Please try reporting it
to the source
first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-38578
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-38578.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-38578
Downstream
DEBIAN-CVE-2021-38578
DLA-4207-1
OESA-2022-2122
RHSA-2023:2165
SUSE-SU-2023:1921-1
SUSE-SU-2023:1940-1
SUSE-SU-2023:1941-1
SUSE-SU-2023:1958-1
SUSE-SU-2023:1968-1
SUSE-SU-2023:2234-1
UBUNTU-CVE-2021-38578
USN-7060-1
openSUSE-SU-2024:12542-1
Related
ALSA-2023:2165
SUSE-SU-2023:1921-1
SUSE-SU-2023:1940-1
SUSE-SU-2023:1941-1
SUSE-SU-2023:1958-1
SUSE-SU-2023:1968-1
SUSE-SU-2023:2234-1
openSUSE-SU-2024:12542-1
Published
2022-03-03T22:15:08Z
Modified
2025-09-24T11:06:44.698325Z
Severity
9.8 (Critical)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Calculator
Summary
[none]
Details
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
References
https://bugzilla.tianocore.org/show_bug.cgi?id=3387
https://www.insyde.com/security-pledge/SA-2023024
Affected packages
Git
/
github.com/tianocore/edk2
Affected ranges
Type
GIT
Repo
https://github.com/tianocore/edk2
Events
Introduced
0
Unknown introduced commit / All previous commits are affected
Last affected
b24306f15daa2ff8510b06702114724b33895d3c
Affected versions
Other
edk2-stable201808
edk2-stable201811
edk2-stable201903
edk2-stable201905
edk2-stable201908
edk2-stable201911
edk2-stable202002
edk2-stable202005
edk2-stable202008
edk2-stable202011
edk2-stable202102
edk2-stable202105
edk2-stable202108
edk2-stable202108-rc0
edk2-stable202108-rc1
edk2-stable202111
edk2-stable202111-rc1
edk2-stable202202
edk2-stable202202-rc1
CVE-2021-38578 - OSV