CVE-2024-52877 in InsydeH2Oinformation

Résumé

par MITRE • 15/05/2025

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

MITRE

Réserver

17/11/2024

Divulgation

15/05/2025

Modérer

accepté

Entrée

VDB-309089

CPE

prêt

EPSS

0.00400

KEV

non

Activités

très faible

Sources

Do you know our Splunk app?

Download it now for free!