CVE-2021-45971

Name of the Vulnerable Software and Affected Versions InsydeH2O kernel versions 5.1 through 05.16.24 InsydeH2O kernel versions 5.2 through 05.26.24 InsydeH2O kernel versions 5.3 through 05.35.24 InsydeH2O kernel versions 5.4 through 05.43.24 InsydeH2O kernel versions 5.5 through 05.51.24

Description A vulnerability exists in the SMM (System Management Mode) branch of the SdHostDriver component in InsydeH2O, which registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (CommBufferData). This issue is related to a buffer overflow in memory, which could allow an attacker to execute arbitrary code in the target system.

Recommendations For kernel version 5.1, update to version 05.16.25 or later. For kernel version 5.2, update to version 05.26.25 or later. For kernel version 5.3, update to version 05.35.25 or later. For kernel version 5.4, update to version 05.43.25 or later. For kernel version 5.5, update to version 05.51.25 or later.