Headline
CVE-2021-41289: ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.
:::
- 首頁
- 資安服務
- 台灣漏洞揭露平台 (TVN)
- TVN (Taiwan Vulnerability Note) 漏洞公告
TVN ID
TVN-202109005
CVE ID
CVE-2021-41289
CVSS
6.3 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
影響產品
ASUS P453UJ BIOS 311
問題描述
ASUS P453UJ含有Improper Restriction of Operations within the Bounds of a Memory Buffer漏洞,Local端攻擊者以一般使用者的權限,可透過置換或填寫Memory DataBuffer內容修改BIOS,使開機時完整性(Integrity)驗證失敗,導致無法開機。
解決方法
ASUS P453UJ BIOS 313
漏洞通報者
ASUS
公開日期
2021-11-15