CVE-2024-52877 in InsydeH2Oinformação

Sumário

de MITRE • 15/05/2025

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsável

MITRE

Reservar

17/11/2024

Divulgação

15/05/2025

Moderação

aceite

Entrada

VDB-309089

CPE

pronto

EPSS

0.00400

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!