Overview:
It was announced that there are security vulnerabilities that affect UEFI firmware from InsydeH2O, REF: UEFI Firmware Vulnerabilities , used by multiple computer vendors. UEFI (Unified Extensible Firmware Interface) software is an interface between a device’s firmware and the operating system, which handles the booting process, system diagnostics, and repair functions. 23 vulnerabilities were found in the InsydeH2O UEFI firmware, most of them in the software's System Management Mode (SMM) that provides system-wide functions such as power management and hardware control.
Vulnerability Overview:
| Vulnerabilities | CVD ID | CVSS |
| SMM Callout (Privilege Escalation) | CVE-2020-27339 | 8.2 |
| CVE-2020-5953 | 7.5 | |
| CVE-2021-41839 | 8.2 | |
| CVE-2021-41840 | 7.5 | |
| CVE-2021-41841 | 8.2 | |
| CVE-2021-42060 | 7.5 | |
| CVE-2021-42113 | 8.2 | |
| CVE-2021-43522 | 7.5 | |
| CVE-2021-43615 | 8.2 | |
| CVE-2022-24069 | 8.2 | |
| SMM Memory Corruption | CVE-2021-33625 | 7.5 |
| CVE-2021-33626 | 8.2 | |
| CVE-2021-33627 | 8.2 | |
| CVE-2021-41837 | 8.2 | |
| CVE-2021-41838 | 8.2 | |
| CVE-2021-42554 | 7.5 | |
| CVE-2021-43323 | 8.2 | |
| CVE-2021-45969 | 8.2 | |
| CVE-2021-45970 | 8.2 | |
| CVE-2021-45971 | 8.2 | |
| CVE-2022-24030 | 7.5 | |
| CVE-2022-24031 | 7.5 | |
| DXE Memory Corruption | CVE-2021-42059 | 8.2 |
Possible Affected Canon Medical Systems Products:
The following Canon Medical Systems Corporation products are not using InsydeH2O UEFI firmware.
Canon Medical Products under investigation
Canon Medical Systems Corporation is currently investigating whether there is any impact. This security advisory will be updated as the investigation continues.
Notes:
Researcher who found these vulnerabilities evaluates "Attack Vector" of all 23 vulnerabilities are "Local" and "Privileges Required" of all 23 vulnerabilities are "High". The attacker needs to access the target system locally in order to exploit the vulnerabilities, and requires privileges that provide significant (e.g., administrative) control. The risk of possible impacted Canon Medical Systems Corporation imaging devices, which are located in a secure location such as examination room, is considered as low.