CVE-2020-27339

by Fred · 16/06/2021

An issue was discovered in IdeBusDxe in Insyde InsydeH2O 5.x. Code in system management mode calls a function outside of SMRAM in response to a crafted software SMI, aka Inclusion of Functionality from an Untrusted Control Sphere. Modifying the well-known address of this function allows an attacker to gain control of the system with the privileges of system management mode.

Date published : 2021-06-16

https://www.insyde.com/products

https://www.insyde.com/security-pledge/SA-2021001

CVE-2020-27339

Similar

Recent Posts

Categories

CVE-2020-27339

Share this:

Similar

Recent Posts

Categories

Tags