CVE-2021-39298 — Vulnetix

CVE-2021-39298 PUBLISHED

BRLY-2021-004 High CVE-2021-39298 BINARLY efiXplorer team identified a SMM callout in multiple HP devices, which allows an attacker to access the System Management Mode and execute arbitrary code.

EPSS 0.05% · 17.6th percentile

Risk Scores

EPSS Score

0.05%

17.6th percentile

Exploit Intelligence

CIRCL seen: CVE-2021-39298 (circl-sighting)
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1032 (circl)
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-1027 (circl)

Timeline

Feb 4, 2022 CVE Published
Feb 16, 2022 PoC Published
Feb 17, 2022 EPSS Score
Mar 8, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 24, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score

References

SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution). advisory
SMM callout vulnerability in SMM driver on multiple HP devices (SMM arbitrary code execution). advisory

Open in Interactive Console →