CVE-2021-45969

Name of the Vulnerable Software and Affected Versions InsydeH2O kernel versions 5.1 through 05.16.24 InsydeH2O kernel versions 5.2 through 05.26.24 InsydeH2O kernel versions 5.3 through 05.35.24 InsydeH2O kernel versions 5.4 through 05.43.24 InsydeH2O kernel versions 5.5 through 05.51.24

Description A vulnerability exists in the SMM (System Management Mode) branch of the AhciBusDxe component in InsydeH2O, which registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (the CommBuffer+8 location). This issue is related to a buffer overflow in memory, which can be exploited to execute arbitrary code in the target system.

Recommendations For InsydeH2O kernel versions 5.1 through 05.16.24, update to version 05.16.25 or later. For InsydeH2O kernel versions 5.2 through 05.26.24, update to version 05.26.25 or later. For InsydeH2O kernel versions 5.3 through 05.35.24, update to version 05.35.25 or later. For InsydeH2O kernel versions 5.4 through 05.43.24, update to version 05.43.25 or later. For InsydeH2O kernel versions 5.5 through 05.51.24, update to version 05.51.25 or later.