CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

Published: Jun 16, 2021
Updated: Apr 14, 2023
CVE: CVE-2020-27339
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
insyde / insydeh2o	5.3	5.34.44
insyde / insydeh2o	5.2	5.25.44
insyde / insydeh2o	5.1	5.16.25
insyde / insydeh2o	5.4	5.42.44
insyde / insydeh2o	5.3	5.35.25
insyde / insydeh2o	5.2	5.26.25
insyde / insydeh2o	5.4	5.43.25

https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf
https://security.netapp.com/advisory/ntap-20220216-0005/
https://www.insyde.com/security-pledge/SA-2021001

Vulnerability Database

289,689

CVE-2020-27339