CVE-2020-5955
First published: Wed Nov 03 2021(Updated: )
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| InsydeH2O UEFI BIOS | <05.32.30.0001 | |
| Intel Ice Lake | ||
| InsydeH2O UEFI BIOS | <05.41.35.0001 | |
| Intel Tiger Lake | ||
| InsydeH2O UEFI BIOS | <05.42.11.0026 | |
| Intel Whitley Firmware | ||
| InsydeH2O UEFI BIOS | <05.04.21.0068 | |
| Intel Grantley-EP | ||
| InsydeH2O UEFI BIOS | <05.42.09.0003 | |
| Intel Elkhart Lake | ||
| InsydeH2O UEFI BIOS | <05.21.51.0040 | |
| Intel Purley-EP Refresh Neon City | ||
| InsydeH2O UEFI BIOS | <05.34.09.0030 | |
| Intel Comet Lake | ||
| Intel Comet Lake | ||
| InsydeH2O UEFI BIOS | <05.32.47.0001 | |
| Intel Comet Lake | ||
| InsydeH2O UEFI BIOS | <05.23.45.0023 | |
| Intel Whiskey Lake firmware | ||
| Intel Whiskey Lake firmware | ||
| InsydeH2O UEFI BIOS | <05.21.43.0001 | |
| INTEL Whiskey Lake firmware | ||
| InsydeH2O UEFI BIOS | <05.23.04.0045 | |
| INTEL Mehlow firmware | ||
| INTEL Mehlow-R firmware | ||
| INTEL Mehlow-R firmware | ||
| INTEL Mehlow firmware | ||
| Intel Coffee Lake | ||
| Intel Cannon Lake | ||
| InsydeH2O UEFI BIOS | <05.11.26.0015 | |
| Intel Kaby Lake | ||
| InsydeH2O UEFI BIOS | <05.12.09.0075 | |
| INTEL Greenlow firmware | ||
| INTEL Greenlow-R firmware | ||
| INTEL Greenlow firmware | ||
| INTEL Greenlow-R firmware | ||
| InsydeH2O UEFI BIOS | <05.10.48.0001 | |
| Intel Kaby Lake | ||
| InsydeH2O UEFI BIOS | <05.05.39.0001 | |
| Intel Skylake | ||
| InsydeH2O UEFI BIOS | <05.04.15.0001 | |
| Intel Skylake | ||
| InsydeH2O UEFI BIOS | <05.23.27.0001 | |
| Intel Coffee Lake | ||
| INTEL Whiskey Lake firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-5955.
What is the severity of CVE-2020-5955?
CVE-2020-5955 has a severity rating of 9.8 (critical).
What is the affected software?
The affected software is Insyde Insydeh2o Uefi Bios versions up to 05.32.30.0001 and up to 05.41.35.0001.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by calling Int15MicrocodeSmm to escalate privileges on Intel client chipsets.
Are Intel Ice Lake and Intel Tiger Lake vulnerable to this issue?
No, Intel Ice Lake and Intel Tiger Lake are not vulnerable to CVE-2020-5955.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/insyde
- canonical/insydeh2o uefi bios
- vendor/intel
- canonical/intel ice lake
- canonical/intel tiger lake
- canonical/intel whitley firmware
- canonical/intel grantley-ep
- canonical/intel elkhart lake
- canonical/intel purley-ep refresh neon city
- canonical/intel comet lake
- canonical/intel whiskey lake firmware
- canonical/intel mehlow firmware
- canonical/intel mehlow-r firmware
- canonical/intel coffee lake
- canonical/intel cannon lake
- canonical/intel kaby lake
- canonical/intel greenlow firmware
- canonical/intel greenlow-r firmware
- canonical/intel skylake