An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUpdateVariablePropertySmi () is a SMM callback function and it uses StrCmp () to compare variable names. This action may cause a buffer over-read.

Related CVEs

CVE-2024-52879

Key Information

GHSA ID

GHSA-4f7m-v6hv-9hcr

Published

May 15, 2025 6:31 PM

Last Modified

May 19, 2025 9:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 21, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.