In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
Affected Products: 23
References: 7
insyde / insydeh2o
| Vendor | Product | Versions | - |
|---|---|---|---|
| insyde | insydeh2o | 5.4 - 5.42.44 | - |
| insyde | insydeh2o | 5.3 - 5.35.25 | - |
| insyde | insydeh2o | 5.2 - 5.26.25 | - |
| insyde | insydeh2o | 5.4 - 5.43.25 | - |
| siemens | ruggedcom_apr1808_firmware | - | - |
| siemens | simatic_field_pg_m5_firmware | - | - |
| siemens | simatic_field_pg_m6_firmware | - | - |
| siemens | simatic_ipc127e_firmware | - | - |
| siemens | simatic_ipc227g_firmware | - | - |
| siemens | simatic_ipc277g_firmware | - | - |
| siemens | simatic_ipc327g_firmware | - | - |
| siemens | simatic_ipc377g_firmware | - | - |
| siemens | simatic_ipc427e_firmware | - | - |
| siemens | simatic_ipc477e_firmware | - | - |
| siemens | simatic_ipc477e_pro_firmware | - | - |
| siemens | simatic_ipc627e_firmware | - | - |
| siemens | simatic_ipc647e_firmware | - | - |
| siemens | simatic_ipc677e_firmware | - | - |
| siemens | simatic_ipc847e_firmware | - | - |
| siemens | simatic_itp1000_firmware | - | - |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H