Insyde's Security Pledge
Insyde Security Advisory 2022005
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2022005 | Software | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 7.5 | 01/04/2022 | 01/04/2022 |
Summary:
SdLegacySmm: Software SMI handler does not verify CommBuffer, allowing untrusted external input (CVE-2020-5956)
Vulnerability Details
This corresponds to CVE-2020-5956. It affects the driver SdLegacySmm. It was discovered by an external researcher. It was fixed in the following versions: Kernel 5.1: 05.15.11, Kernel 5.2: 05.25.11, Kernel 5.3: 05.34.11, Kernel 5.4: 05.42.11, Kernel 5.5: Unaffected
Acknowledgements:
Insyde Software would like to thank Jiawei Yin @yngweijw for reporting this issue.
Revision History:
Revision | Date | Description |
1.0 | 01/04/2022 | Initial Release |
1.1 | 02/08/2022 | Added CVSS Rating |