CVE-2024-52878

{"id": "CVE-2024-52878", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-15T16:15:32.897", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.insyde.com/security-pledge/sa-2024016/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-126"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, VariableServicesSetVariable () can be called by gRT_>SetVariable () or the SmmSetSensitiveVariable () or SmmInternalSetVariable () from SMM. In VariableServicesSetVariable (), it uses StrSize () to get variable name size, uses StrLen () to get variable name length and uses StrCmp () to compare strings. These actions may cause a buffer over-read."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Insyde InsydeH2O con kernel 5.2 anterior a la versi\u00f3n 05.29.50, kernel 5.3 anterior a la versi\u00f3n 05.38.50, kernel 5.4 anterior a la versi\u00f3n 05.46.50, kernel 5.5 anterior a la versi\u00f3n 05.54.50, kernel 5.6 anterior a la versi\u00f3n 05.61.50 y kernel 5.7 anterior a la versi\u00f3n 05.70.50. En el controlador VariableRuntimeDxe, se puede llamar a VariableServicesSetVariable() mediante gRT_>SetVariable(), SmmSetSensitiveVariable() o SmmInternalSetVariable() desde SMM. En VariableServicesSetVariable(), se utiliza StrSize() para obtener el tama\u00f1o del nombre de la variable, StrLen() para obtener la longitud del nombre de la variable y StrCmp() para comparar cadenas. Estas acciones pueden provocar una sobrelectura del b\u00fafer."}], "lastModified": "2025-08-15T17:05:30.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D16921E2-B380-46F2-A0C3-4BF481754B25", "versionEndExcluding": "5.2.05.29.50", "versionStartIncluding": "5.2"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0DC26AD-A1D5-4E41-96C2-BDFA9B0E9A79", "versionEndExcluding": "5.3.05.38.50", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D9213E6-C42D-4131-AC48-A997D9C73A16", "versionEndExcluding": "5.4.05.46.50", "versionStartIncluding": "5.4"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40B6FCB7-3A05-414F-BCDB-4F03EAAD9BEC", "versionEndExcluding": "5.5.05.54.50", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F9E3E4-0310-4E7B-830C-7479625D65B8", "versionEndExcluding": "5.6.05.61.50", "versionStartIncluding": "5.6"}, {"criteria": "cpe:2.3:a:insyde:insydeh2o:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A850FC4-D697-4CE2-BAB9-A5E5D7809E3A", "versionEndExcluding": "5.7.05.70.50", "versionStartIncluding": "5.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}