CVE-2024-52879

HIGH

Insydeh2o < 5.2.05.29.50 - Buffer Over-read

Title source: rule

Description

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.

References (2)

[Vendor Advisory] https://www.insyde.com/security-pledge

[Vendor Advisory] https://www.insyde.com/security-pledge/sa-2024016/

Scores

CVSS v3 7.5

EPSS 0.0029

EPSS Percentile 52.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-126

Status published

Products (1)

insyde/insydeh2o 5.2 - 5.2.05.29.50

Published May 15, 2025

Tracked Since Feb 18, 2026