PT-2021-11380 · Insyde · Insydeh2O

Evgenii Rasskazov · Published 2021-06-16 · Updated 2022-07-12 · CVE-2020-27339

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.1 through 5.5
Description: The issue arises from certain SMM drivers in the kernel not correctly validating the CommBuffer and CommBufferSize parameters. This allows callers to potentially corrupt either the firmware or the OS memory.
Recommendations: For InsydeH2O versions 5.1 through 5.5, update the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers to versions 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 respectively.
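
The Description above names the missing check: validating CommBuffer and CommBufferSize before an SMI handler uses them. The following C code is an added example of that validation, not Insyde's code or the actual fix; the SMRAM range, the `request_t` layout and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed SMRAM map; real firmware records its SMRAM ranges
 * during driver initialization. */
typedef struct { uint64_t base; uint64_t size; } smram_range_t;
static const smram_range_t SMRAM[] = { { 0x7F000000ULL, 0x00800000ULL } };

/* True only if [addr, addr+len) is non-empty, does not wrap around,
 * and does not overlap any SMRAM range. */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)
        return false;
    for (size_t i = 0; i < sizeof SMRAM / sizeof SMRAM[0]; i++) {
        uint64_t lo = SMRAM[i].base, hi = lo + SMRAM[i].size;
        if (addr < hi && addr + len > lo)
            return false;
    }
    return true;
}

/* Hypothetical request layout shared between caller and handler. */
typedef struct { uint32_t command; uint32_t reserved; uint64_t status; } request_t;

/* Handler with the checks in place: returns 0 on success, -1 on rejection. */
int handle_smi(void *comm_buffer, const uint64_t *comm_buffer_size)
{
    if (comm_buffer == NULL || comm_buffer_size == NULL)
        return -1;
    uint64_t size = *comm_buffer_size;   /* read once; the caller controls it */
    if (size < sizeof(request_t))        /* too small for the fields we touch */
        return -1;
    if (!buffer_outside_smram((uint64_t)(uintptr_t)comm_buffer, size))
        return -1;                       /* would read or write SMRAM itself */

    request_t req;
    memcpy(&req, comm_buffer, sizeof req);     /* work on a private copy */
    req.status = (req.command == 1) ? 0 : 1;   /* stand-in for the real work */
    memcpy(comm_buffer, &req, sizeof req);
    return 0;
}
```
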

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2020-27339

Affected Products

Insydeh2O