HIGH🇵🇱 Wersja polska

CVE-2024-52880

CVSS 7.9v3.1pub. 2025-05-15upd. 2025-07-29

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
  • Insyde Kernel

    OS
    Insyde
    5.2 – 5.29.50 (bez)5.3 – 5.38.50 (bez)5.4 – 5.46.50 (bez)5.5 – 5.54.50 (bez)5.6 – 5.61.50 (bez)5.7 – 5.70.50 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-25078HIGH7.4ten sam produkt

A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB191301...

CVE-2022-36337HIGH8.2ten sam produkt

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow vulnerability...

CVE-2022-35407HIGH7.8ten sam produkt

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbi...

CVE-2022-29275HIGH8.2ten sam produkt

In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS...

CVE-2022-29278HIGH8.2ten sam produkt

Incorrect pointer checks within the NvmExpressDxe driver can allow tampering with SMRAM and OS memory Incorrec...