CVE-2024-52877

High CVSS: 7.5

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.

Vendor

Insyde

Product

Insydeh2o

CWE

CWE-126

Yayın Tarihi

2025-05-15 16:15:32

Güncelleme

2025-08-15 17:06:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-126 Insydeh2o HIGH Insyde 2025

Referanslar

https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/sa-2024016/

Benzer Kayıtlar

High

CVE-2024-55567

Improper input validation was discovered in UsbCoreDxe in Insyde InsydeH2O kernel 5.4 before 05.47.01, 5.5 before 05.55.…

High

CVE-2024-52879

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kern…

High

CVE-2024-52880

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kern…

High

CVE-2024-52878

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kern…

Medium

CVE-2024-49200

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential D…