CVE-2020-27339
Summary
| CVE | CVE-2020-27339 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-16 16:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5). |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Insyde | Insydeh2o | All | All | All | All |
| Hardware | Siemens | Ruggedcom Apr1808 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Apr1808 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Field Pg M5 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M5 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Field Pg M6 | - | All | All | All |
| Operating System | Siemens | Simatic Field Pg M6 Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc127e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc127e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc227g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc227g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc277g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc277g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc327g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc327g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc377g | - | All | All | All |
| Operating System | Siemens | Simatic Ipc377g Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc427e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc427e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc477e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc477e Pro | - | All | All | All |
| Operating System | Siemens | Simatic Ipc477e Pro Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc627e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc627e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc647e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc647e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc677e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc677e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Ipc847e | - | All | All | All |
| Operating System | Siemens | Simatic Ipc847e Firmware | - | All | All | All |
| Hardware | Siemens | Simatic Itp1000 | - | All | All | All |
| Operating System | Siemens | Simatic Itp1000 Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory | Insyde Software | MISC | www.insyde.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE-2020-27339 InsydeH2O Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| InsydeH2O® UEFI BIOS | Insyde Software | MISC | www.insyde.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 590981 Siemens Industrial Products Insyde BIOS Multiple Vulnerabilities (SSA-306654)