Insyde Security Advisory 2022005

Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised
INSYDE-SA-2022005 | Software | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 01/04/2022 | 01/04/2022

Summary:

SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956)

Vulnerability Details

CVE-2020-5956

This issue corresponds to CVE-2020-5956 and affects the SdLegacySmm driver. It was discovered by an external researcher. It was fixed in the following versions: Kernel 5.1: 05.15.11; Kernel 5.2: 05.25.11; Kernel 5.3: 05.34.11; Kernel 5.4: 05.42.11; Kernel 5.5: Unaffected.
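
The kind of CommBuffer check the summary describes as missing, shown as an added example; it is not Insyde's code or its fix. The SMRAM range, address width, request layout and all function names are constructed for illustration, and the nested data pointer check goes beyond the case the advisory names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed SMRAM layout and address width, for illustration only. */
typedef struct { uint64_t base, size; } range_t;
static const range_t SMRAM[] = { { 0x7F000000ULL, 0x00800000ULL } };
#define MAX_PHYS_ADDR 0xFFFFFFFFFULL /* assumed 36-bit physical space */

/* Hypothetical request layout placed in the CommBuffer by the caller. */
typedef struct { uint32_t command, data_len; uint64_t data_addr; } request_t;
typedef enum { REQ_OK, REQ_BAD_SIZE, REQ_BAD_BUFFER, REQ_BAD_POINTER } req_status_t;

/* True only if [addr, addr+len) is non-empty, cannot wrap, fits in the
   physical address space and overlaps no SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > MAX_PHYS_ADDR || len - 1 > MAX_PHYS_ADDR - addr)
        return false;
    for (size_t i = 0; i < sizeof SMRAM / sizeof SMRAM[0]; i++) {
        uint64_t start = SMRAM[i].base, end = start + SMRAM[i].size;
        if (addr < end && addr + len > start)
            return false;
    }
    return true;
}

/* comm_phys and comm_size come from the non-SMM caller and are untrusted.
   comm is the host pointer standing in for comm_phys in this simulation;
   in firmware they are the same value. */
req_status_t handle_request(uint64_t comm_phys, const void *comm,
                            uint64_t comm_size, request_t *out)
{
    request_t local;
    if (comm == NULL || comm_size < sizeof local)
        return REQ_BAD_SIZE;
    if (!buffer_outside_smram(comm_phys, comm_size))
        return REQ_BAD_BUFFER;
    /* Snapshot once so later checks and use see the same bytes. */
    memcpy(&local, comm, sizeof local);
    if (!buffer_outside_smram(local.data_addr, local.data_len))
        return REQ_BAD_POINTER;
    *out = local;
    return REQ_OK;
}
```

In EDK II based firmware the range check corresponds to SmmIsBufferOutsideSmmValid() from SmmMemLib.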

Acknowledgements:

Insyde Software would like to thank Jiawei Yin @yngweijw for reporting this issue.

Revision History:

Revision | Date | Description
1.0 | 01/04/2022 | Initial Release
1.1 | 02/08/2022 | Added CVSS Rating
