CVE-2021-45969

High

Published: 05 January 2022

Modified: 04 November 2025
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0006 (18.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-45969 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Insyde InsydeH2O. Its CVSS base score is 8.2 (High).

Operationally, it ranks at the 18.0th percentile by exploit likelihood (EPSS), which is below the median; it is not currently listed in the CISA KEV catalog.

Vulnerability details

An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.1 before 05.16.25, 5.2 before 05.26.25, 5.3 before 05.35.25, 5.4 before 05.43.25, and 5.5 before 05.51.25. A vulnerability exists in the SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location).

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

insyde
insydeh2o
5.1 — 5.16.25 · 5.2 — 5.26.25 · 5.3 — 5.35.25

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.
