CVE-2021-45970

Name of the Vulnerable Software and Affected Versions InsydeH2O kernel versions 5.1 through 05.16.24 InsydeH2O kernel versions 5.2 through 05.26.24 InsydeH2O kernel versions 5.3 through 05.35.24 InsydeH2O kernel versions 5.4 through 05.43.24 InsydeH2O kernel versions 5.5 through 05.51.24

Description A vulnerability exists in the SMM (System Management Mode) branch of IdeBusDxe in InsydeH2O, which registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer. This issue is related to a buffer overflow in memory, which could allow an attacker to execute arbitrary code in the target system.

Recommendations For InsydeH2O kernel versions 5.1 through 05.16.24, update to version 05.16.25 or later. For InsydeH2O kernel versions 5.2 through 05.26.24, update to version 05.26.25 or later. For InsydeH2O kernel versions 5.3 through 05.35.24, update to version 05.35.25 or later. For InsydeH2O kernel versions 5.4 through 05.43.24, update to version 05.43.25 or later. For InsydeH2O kernel versions 5.5 through 05.51.24, update to version 05.51.25 or later.