CVE-2024-52877
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-52877. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1EPSS Score
v2025.03.14There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.
Attack Vector Metrics
Impact Metrics
Description
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.
Available Exploits
Related News
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, callback function SmmCreateVariableLockList () calls CreateVariableLockListInSmm (). In CreateVariableLockListInSmm (), it uses StrSize () to get variable name size and it could lead to a buffer over-read.
Affected Products (ENISA)
ENISA Scoring
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: May 19, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: May 15, 2025, Modified: May 19, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Bios update legion go I’ve not installed it yet but noticed this news update Is it new? Changelog 1. Base on BIOS36. 2. Update AMD PI 1.2.0.0. 3. Add CVE-2024-36347 patch. 4. Add CVE-2023-40238 patch. 5. Add CVE-2024-38796 patch. 6. Add CVE-2024-6364 patch. 7. Add CVE-2024-52877 patch. 8. Add CVE-2024-52878 …
Legion Pro 7i Gen 9 / 16IRX9H, June 25 BIOS N2CN27WW Available for Download **June 25, BIOS N2CN27WW is available for Legion Pro 7i Gen 9 / 16IRX9H**, and **brings Microcode Update revision to 12E** and release notes below: [https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/legion-series/legion-pro-7-16irx9h/83de/83de001sus/downloads/ds567127-bios-update-for-windows-10-64-bit-legion-pro-7-16irx9h?category=BIOS%2FUEFI](https://pcsupport.lenovo.com/us/en/products/laptops-and-netbooks/legion-series/legion-pro-7-16irx9h/83de/83de001sus/downloads/ds567127-bios-update-for-windows-10-64-bit-legion-pro-7-16irx9h?category=BIOS%2FUEFI) Note: During upgrade, you'll see an initial progress indicator > …
New Gen8 Bios KWCN50WW with Intel Microcode 0x12e Hi Board, there is a new Bios Update KWCN50WW for the following devices. It also contains Intel Microcode 0x12e as undocumented change. [https://download.lenovo.com/consumer/mobiles/kwcn50ww.exe](https://download.lenovo.com/consumer/mobiles/kwcn50ww.exe) [https://download.lenovo.com/consumer/mobiles/kwcn50ww.txt](https://download.lenovo.com/consumer/mobiles/kwcn50ww.txt) >Legion Pro 5 16IRX8/Lenovo Legion Pro 5 16IRX8/Legion Y9000P IRX8/Legion Pro 7 16IRX8H/Lenovo Legion Pro 7 16IRX8H/Legion Y9000P …