The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. Netty is an open-source, asynchronous event-driven network application framework.

This potential vulnerability was remediated starting with Windows 10 versions 21H2 on October 31, 2021. HP Factory Preinstalled Images on certain systems that shipped with Windows 10 versions 20H2 and earlier OS versions might allow escalation of privilege via execution of certain files outside the restricted path.

This issue is similar to CVE-2021-42299 (on Surface Pro devices). This requires physical access to a target victim's device, or compromise of user credentials for a device. (For example, Windows uses these PCR measurements to determine device health.) A vulnerable device can masquerade as a healthy device by extending arbitrary values into Platform Configuration Register (PCR) banks. Devices use Platform Configuration Registers (PCRs) to record information about device and software configuration to ensure that the boot process is secure. It can report false TPM PCR values, and thus mask malware activity. An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5.