Description
An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.insyde.com/security-pledge
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220223-0001/
Scores
CVSS v3
7.5
EPSS
0.0081
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
insyde/insydeh2o
5.2 - 5.25.11
Published
Jan 05, 2022
Tracked Since
Feb 18, 2026