← Back

CVE-2024-52877

nvd nist
Published: May 15, 2025Modified: Aug 15, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.

Affected (6)

Products: Insyde: Insydeh2o
Insyde
1 product
Insydeh2o
Configuration A
6 vulnerable
Vulnerable SoftwareAffected Versions
Insyde
Insydeh2o
From 5.2 to 5.2.05.29.50
Insydeh2o
From 5.3 to 5.3.05.38.50
Insydeh2o
From 5.4 to 5.4.05.46.50
Insydeh2o
From 5.5 to 5.5.05.54.50
Insydeh2o
From 5.6 to 5.6.05.61.50
Insydeh2o
From 5.7 to 5.7.05.70.50

Related CWEs

CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References (2)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory

Timeline

No history available yet.