CVE-2024-52880

{"id": "CVE-2024-52880", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.9, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.5}]}, "published": "2025-05-15T16:15:33.143", "references": [{"url": "https://www.insyde.com/security-pledge", "source": "cve@mitre.org"}, {"url": "https://www.insyde.com/security-pledge/sa-2024016/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Insyde InsydeH2O en las versiones del kernel 5.2 anterior a la 05.29.50, 5.3 anterior a la 05.38.50, 5.4 anterior a la 05.46.50, 5.5 anterior a la 05.54.50, 5.6 anterior a la 05.61.50 y 5.7 anterior a la 05.70.50. En el controlador VariableRuntimeDxe, SecureBootHandler utiliza DataSize y VariableNameSize para determinar si los datos o el nombre est\u00e1n en el b\u00fafer, pero estos son proporcionados por el emisor y, por lo tanto, no son confiables."}], "lastModified": "2025-05-16T15:15:47.150", "sourceIdentifier": "cve@mitre.org"}