CVE-2020-5956

An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
insydeinsydeh2o
5.2 ≤
𝑥
< 5.25.11
insydeinsydeh2o
5.1 ≤
𝑥
< 05.15.11
insydeinsydeh2o
5.3 ≤
𝑥
< 05.34.11
insydeinsydeh2o
5.4 ≤
𝑥
< 05.42.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://security.netapp.com/advisory/ntap-20220223-0001/
https://www.insyde.com/security-pledge
https://security.netapp.com/advisory/ntap-20220223-0001/
https://www.insyde.com/security-pledge