What is CVE-2020-27339?

CVE-2020-27339 is a medium-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2021-06-16.

How severe is CVE-2020-27339?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Improper input validation in Insyde Insydeh2o

CVE-2020-27339

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.003 (23.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

cve@mitre.org (x_refsource_MISC, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2020-27339?: CVE-2020-27339 is a medium-severity vulnerability in Insyde Insydeh2o, classified under Improper Input Validation. CVSS score: 6.7/10. Published 2021-06-16.
How severe is CVE-2020-27339?: Medium severity. CVSS v3 base score is 6.7 out of 10.