CVE-2024-52880

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.

CVSS v3 7.9 HIGH

7.9^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.5 / Impact : 5.8

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.insyde.com/security-pledge	Vendor Advisory
https://www.insyde.com/security-pledge/sa-2024016/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-05-15 16:15

Updated : 2025-07-29 13:09

NVD link : CVE-2024-52880

Mitre link : CVE-2024-52880

CVE.ORG link : CVE-2024-52880

JSON object : View

Products Affected

insyde

kernel

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2024-52880", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.5}]}, "published": "2025-05-15T16:15:33.143", "references": [{"url": "https://www.insyde.com/security-pledge", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.insyde.com/security-pledge/sa-2024016/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Insyde InsydeH2O en las versiones del kernel 5.2 anterior a la 05.29.50, 5.3 anterior a la 05.38.50, 5.4 anterior a la 05.46.50, 5.5 anterior a la 05.54.50, 5.6 anterior a la 05.61.50 y 5.7 anterior a la 05.70.50. En el controlador VariableRuntimeDxe, SecureBootHandler utiliza DataSize y VariableNameSize para determinar si los datos o el nombre est\u00e1n en el b\u00fafer, pero estos son proporcionados por el emisor y, por lo tanto, no son confiables."}], "lastModified": "2025-07-29T13:09:06.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2EFE045-135C-419F-9BB0-7E11A22A98C0", "versionEndExcluding": "5.29.50", "versionStartIncluding": "5.2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4702B5B6-5BE8-47F6-8FD3-0720D1EB0844", "versionEndExcluding": "5.38.50", "versionStartIncluding": "5.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "949C566E-8F6E-4794-8780-5FA7841D149D", "versionEndExcluding": "5.46.50", "versionStartIncluding": "5.4"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "538D70A7-17B4-45AC-B446-CF687AEC43B7", "versionEndExcluding": "5.54.50", "versionStartIncluding": "5.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F0E7B47-C2D1-492F-B297-8FCAD69E681C", "versionEndExcluding": "5.61.50", "versionStartIncluding": "5.6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:insyde:kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BA744F1-4260-40BB-81E6-3F334892B958", "versionEndExcluding": "5.70.50", "versionStartIncluding": "5.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}