Insyde · InsydeH2O · CVE-2020-27339
Name of the Vulnerable Software and Affected Versions:
InsydeH2O versions 5.1 through 5.5
Description:
The issue arises from certain SMM drivers in the kernel not correctly validating the `CommBuffer` and `CommBufferSize` parameters. This allows callers to potentially corrupt either the firmware or the OS memory.
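The checks an SMI handler needs on these two parameters, shown as an added example that is not Insyde's code or part of the original advisory. It is a host-side C model: the SMRAM range is constructed, and `demo_request` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed SMRAM window for this model; real firmware takes its ranges from the platform. */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00800000ULL

/* Hypothetical request layout the caller places in CommBuffer. */
typedef struct { uint32_t command; uint32_t status; uint8_t data[56]; } demo_request;

/* True only if [addr, addr+len) is non-empty, does not wrap, and lies outside SMRAM. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    return addr + len <= SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE;
}

/* Checks made before the handler touches CommBuffer.
   Returns 0 if the buffer may be used, -1 if the request must be rejected. */
int validate_comm_buffer(uint64_t comm_buffer, const uint64_t *comm_buffer_size,
                         uint64_t *size_out)
{
    if (comm_buffer == 0 || comm_buffer_size == NULL || size_out == NULL)
        return -1;
    /* Read the size once so a later change by the caller cannot bypass the checks. */
    uint64_t size = *(const volatile uint64_t *)comm_buffer_size;
    if (size < sizeof(demo_request))
        return -1;   /* too small for the fields the handler writes */
    if (!buffer_outside_smram(comm_buffer, size))
        return -1;   /* range wraps or overlaps SMRAM */
    *size_out = size;
    return 0;
}

int main(void)
{
    uint64_t size = sizeof(demo_request), out = 0;
    printf("OS buffer:    %d\n", validate_comm_buffer(0x00100000ULL, &size, &out));
    printf("SMRAM buffer: %d\n", validate_comm_buffer(SMRAM_BASE + 0x100, &size, &out));
    return 0;
}
```

A handler that skips these checks and writes its status or data through `CommBuffer` is the failure mode the description names: the write can land in SMRAM or run past the caller's buffer into OS memory.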
Recommendations:
For InsydeH2O versions 5.1 through 5.5, update the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers to versions 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 respectively.