Insyde's Security Pledge
Recent Security Advisories
INSYDE-SA-2020001
Product
CVSS Score
Original Date
Last Revised
InsydeH2O
7.2
2024-03-12
Summary
AhciBusDxe: Improper input validation might lead to arbitrary code execution vulnerability at SMM level.
Vulnerability Details
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2020-5952: AhciBusDxe module has an SMM call out vulnerability that could also be used to execute arbitrary code at SMM level.
Solution Information
Kernel 5.1: Version in 05.15.11
Kernel 5.2: Version in 05.25.11
Kernel 5.3: Version in 05.34.11
Kernel 5.4: Version in 05.42.11
Acknowledgements
Thanks 3rd party researchers, Yngweijw and Menghao Li of IIE Varas, for reporting the vulnerabilities and engaging in coordinated disclosure.
Revision History
Revision #
Date
Description
1
2024-03-12
Initial Release