CVE-2021-38575

HIGH
Published Dec 1, 2021 (4y ago) · Modified Jun 17, 2026 (2w ago)
8.1 CVSS 3.1

Description

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

CVSS Details

Base Score: 8.1
Exploitability: 2.2
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
CWE-124

Affected Products 7

Vendor     Product  Version  Range
tianocore  edk2     *        ≤202105
insyde     kernel   5.0      any
insyde     kernel   5.1      any
insyde     kernel   5.2      any
insyde     kernel   5.3      any
insyde     kernel   5.4      any
insyde     kernel   5.5      any

References 3

  • bugzilla.tianocore.org https://bugzilla.tianocore.org/show_bug.cgi?id=3356
    Exploit, Issue Tracking, Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
  • insyde.com https://www.insyde.com/security-pledge/SA-2023025
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.