CVE-2021-39299 — Vulnetix

CVE-2021-39299 PUBLISHED

BRLY-2021-053 High CVE-2021-39299 BINARLY efiXplorer team has discovered a stack overflow vulnerability that allows a local root user to access UEFI DXE driver and execute arbitrary code.

EPSS 0.06% · 19.1th percentile

Risk Scores

EPSS Score

0.06%

19.1th percentile

Exploit Intelligence

https://support.hp.com/us-en/document/ish_5661066-5661090-16 (circl)

Timeline

Feb 4, 2022 CVE Published
Feb 17, 2022 EPSS Score
Mar 8, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 24, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Nov 6, 2022 EPSS Score
Dec 28, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
Jun 2, 2023 EPSS Score

References

The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform. advisory
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices. advisory
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI DXE driver on multiple HP devices. advisory
The stack buffer overflow vulnerability leads to arbitrary code execution in DXE driver on Intel platform. advisory

Open in Interactive Console →