{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T07:14:05.310","vulnerabilities":[{"cve":{"id":"CVE-2021-38578","sourceIdentifier":"infosec@edk2.groups.io","published":"2022-03-03T22:15:08.423","lastModified":"2025-11-03T20:15:49.767","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize."},{"lang":"es","value":"Unas comprobaciones existentes de CommBuffer en SmmEntryPoint no detectan el desbordamiento cuando es calculado BufferSize"}],"metrics":{"cvssMetricV31":[{"source":"infosec@edk2.groups.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"infosec@edk2.groups.io","type":"Secondary","description":[{"lang":"en","value":"CWE-124"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tianocore:edk2:*:*:*:*:*:*:*:*","versionEndIncluding":"202202","matchCriteriaId":"A2B1E98B-2D63-42E3-B6F8-139CC32BA4B0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.0:*:*:*:*:*:*:*","matchCriteriaId":"FFCC4619-B867-4E23-AF05-FF92B43628AF"},{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.1:*:*:*:*:*:*:*","matchCriteriaId":"FB40061A-BEDF-4D72-BF2D-D1B10EB80A60"},{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.2:*:*:*:*:*:*:*","matchCriteriaId":"9D6AFE61-A2A4-49DF-A8EE-B2F425DA7A08"},{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.3:*:*:*:*:*:*:*","matchCriteriaId":"D21132C0-F2CF-4134-A165-926155031913"},{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.4:*:*:*:*:*:*:*","matchCriteriaId":"6549F7F1-A438-4C84-9D66-C89C697E2A9B"},{"vulnerable":true,"criteria":"cpe:2.3:o:insyde:kernel:5.5:*:*:*:*:*:*:*","matchCriteriaId":"DE339FA1-8572-4365-B420-530D62686C08"}]}]}],"references":[{"url":"https://bugzilla.tianocore.org/show_bug.cgi?id=3387","source":"infosec@edk2.groups.io","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.insyde.com/security-pledge/SA-2023024","source":"infosec@edk2.groups.io","tags":["Third Party Advisory"]},{"url":"https://bugzilla.tianocore.org/show_bug.cgi?id=3387","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.insyde.com/security-pledge/SA-2023024","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}