CVE-2020-5956

HIGH

InsydeH2O <5.1-5.4 - Code Injection

Title source: llm

Description

An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.

References (2)

Core References
Vendor Advisory x_refsource_misc
https://www.insyde.com/security-pledge
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220223-0001/

Scores

CVSS v3 7.5
EPSS 0.0081
EPSS Percentile 52.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
insyde/insydeh2o 5.2 - 5.25.11
Published Jan 05, 2022
Tracked Since Feb 18, 2026