Insyde Security Advisory 2020001

Insyde ID: INSYDE-SA-2020001
Advisory Category: Software
Impact of Vulnerability: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
Severity Rating: 7.2
Original Date: 03/12/2024
Last Revised: 03/12/2024

Summary:

AhciBusDxe: Improper input validation might lead to an arbitrary code execution vulnerability at SMM level.

Vulnerability Details:

CVE-2020-5952: The AhciBusDxe module has an SMM callout vulnerability that could also be used to execute arbitrary code at SMM level.
CVSS: 7.2
CVSS Vector String: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

Solution Information:
Kernel 5.1: Version in 05.15.11
Kernel 5.2: Version in 05.25.11
Kernel 5.3: Version in 05.34.11
Kernel 5.4: Version in 05.42.11

Acknowledgements:

Thanks to the third-party researchers Yngweijw and Menghao Li of IIE Varas for reporting the vulnerabilities and engaging in coordinated disclosure.

Revision History:

Revision: 1.0
Date: 03/12/2024
Description: Initial Release