Unrated severityNVD Advisory· Published Jun 16, 2021· Updated Nov 4, 2025

CVE-2020-27339

Description

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and SdMmcDeviceDxe drivers are 05.16.25, 05.26.25, 05.35.25, 05.43.25, and 05.51.25 (for Kernel 5.1 through 5.5).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Insyde/InsydeH2Odescription
Insyde/BIOSllm-fuzzy
Range: >=5.0, <5.16.25 or >=5.2, <5.26.25 or >=5.3, <5.35.25 or >=5.4, <5.43.25 or >=5.5, <5.51.25

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-306654.pdfmitrex_refsource_CONFIRM
security.netapp.com/advisory/ntap-20220216-0005/mitrex_refsource_CONFIRM
www.insyde.com/security-pledge/SA-2021001mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000