CVE-2020-27339: Input Validation
First published: Wed Jun 16 2021(Updated: )
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Insyde InsydeH2O | >=5.3<5.34.44 | |
| Insyde InsydeH2O | >=5.2<5.25.44 | |
| Insyde InsydeH2O | >=5.1<5.16.25 | |
| Insyde InsydeH2O | >=5.4<5.42.44 | |
| Insyde InsydeH2O | >=5.3<5.35.25 | |
| Insyde InsydeH2O | >=5.2<5.26.25 | |
| Insyde InsydeH2O | >=5.4<5.43.25 | |
| Siemens Ruggedcom Apr1808 Firmware | ||
| Siemens Ruggedcom Apr1808 | ||
| Siemens Simatic Field Pg M5 Firmware | ||
| Siemens Simatic Field Pg M5 | ||
| Siemens Simatic Field Pg M6 Firmware | ||
| Siemens Simatic Field Pg M6 | ||
| Siemens Simatic Ipc127e Firmware | ||
| Siemens Simatic Ipc127e | ||
| Siemens Simatic Ipc227g Firmware | ||
| Siemens Simatic Ipc227g | ||
| Siemens Simatic Ipc277g Firmware | ||
| Siemens Simatic Ipc277g | ||
| Siemens Simatic Ipc327g Firmware | ||
| Siemens Simatic Ipc327g | ||
| Siemens Simatic Ipc377g Firmware | ||
| Siemens Simatic Ipc377g | ||
| Siemens Simatic Ipc427e Firmware | ||
| Siemens Simatic Ipc427e | ||
| Siemens Simatic Ipc477e Firmware | ||
| Siemens Simatic Ipc477e | ||
| Siemens Simatic Ipc477e Pro Firmware | ||
| Siemens Simatic Ipc477e Pro | ||
| Siemens Simatic Ipc627e Firmware | ||
| Siemens Simatic Ipc627e | ||
| Siemens Simatic Ipc647e Firmware | ||
| Siemens Simatic Ipc647e | ||
| Siemens Simatic Ipc677e Firmware | ||
| Siemens Simatic Ipc677e | ||
| Siemens Simatic Ipc847e Firmware | ||
| Siemens Simatic Ipc847e | ||
| Siemens Simatic Itp1000 Firmware | ||
| Siemens Simatic Itp1000 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-27339?
The severity of CVE-2020-27339 is high.
What is the affected software for CVE-2020-27339?
The affected software for CVE-2020-27339 is Insyde InsydeH2O 5.x.
How does CVE-2020-27339 impact Insyde InsydeH2O 5.x?
CVE-2020-27339 can allow callers to corrupt either the firmware or the OS memory.
Are there any fixed versions for CVE-2020-27339?
Yes, the fixed versions for CVE-2020-27339 are available for the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and Sd.
Where can I find more information about CVE-2020-27339?
You can find more information about CVE-2020-27339 in the references provided: [Reference 1](https://cert-portal.siemens.com/productcert/pdf/ssa-306654.pdf), [Reference 2](https://security.netapp.com/advisory/ntap-20220216-0005/), [Reference 3](https://www.insyde.com/security-pledge/SA-2021001).
- collector/nvd-index
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/insyde
- canonical/insyde insydeh2o
- version/insyde insydeh2o/5.3
- version/insyde insydeh2o/5.2
- version/insyde insydeh2o/5.1
- version/insyde insydeh2o/5.4
- vendor/siemens
- canonical/siemens ruggedcom apr1808 firmware
- canonical/siemens ruggedcom apr1808
- canonical/siemens simatic field pg m5 firmware
- canonical/siemens simatic field pg m5
- canonical/siemens simatic field pg m6 firmware
- canonical/siemens simatic field pg m6
- canonical/siemens simatic ipc127e firmware
- canonical/siemens simatic ipc127e
- canonical/siemens simatic ipc227g firmware
- canonical/siemens simatic ipc227g
- canonical/siemens simatic ipc277g firmware
- canonical/siemens simatic ipc277g
- canonical/siemens simatic ipc327g firmware
- canonical/siemens simatic ipc327g
- canonical/siemens simatic ipc377g firmware
- canonical/siemens simatic ipc377g
- canonical/siemens simatic ipc427e firmware
- canonical/siemens simatic ipc427e
- canonical/siemens simatic ipc477e firmware
- canonical/siemens simatic ipc477e
- canonical/siemens simatic ipc477e pro firmware
- canonical/siemens simatic ipc477e pro
- canonical/siemens simatic ipc627e firmware
- canonical/siemens simatic ipc627e
- canonical/siemens simatic ipc647e firmware
- canonical/siemens simatic ipc647e
- canonical/siemens simatic ipc677e firmware
- canonical/siemens simatic ipc677e
- canonical/siemens simatic ipc847e firmware
- canonical/siemens simatic ipc847e
- canonical/siemens simatic itp1000 firmware
- canonical/siemens simatic itp1000