Insyde InsydeH2O
cpe:2.3:a:insyde:insydeh20:*:*:*:*:*:*:*
- < 05.29.50
- < 05.38.50
- < 05.46.50
- < 05.54.50
- < 05.61.50
- < 05.70.50
A buffer over-read vulnerability has been identified in the InsydeH2O firmware's VariableRuntimeDxe driver, affecting several kernel versions prior to their respective fixed releases. The issue arises in the SmmCreateVariableLockList() callback function, which calls CreateVariableLockListInSmm(). Within this function, StrSize() is used to determine the size of variable names, leading to a potential buffer over-read. This vulnerability is classified under CWE-126.
An attacker who exploits this vulnerability could read beyond the allocated memory buffer, potentially causing unintended behavior or information disclosure.
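The over-read pattern described above, as an added illustration (not Insyde's code and not the vendor's fix): an unbounded length scan of a CHAR16 name compared with a bounded one that a handler can use to reject the request. The helper names, the buffer layout and the sample data are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t CHAR16;   /* UEFI strings use two bytes per character */

/* Model of an unbounded StrSize(): size in bytes including the terminator.
   It keeps reading until it finds a zero CHAR16, wherever that is. */
static size_t unbounded_str_size(const CHAR16 *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return (n + 1) * sizeof(CHAR16);
}

/* Bounded variant (hypothetical helper): never reads past max_bytes and
   returns 0 when no terminator lies inside the caller-supplied region. */
static size_t bounded_str_size(const CHAR16 *s, size_t max_bytes) {
    size_t max_chars = max_bytes / sizeof(CHAR16);
    for (size_t n = 0; n < max_chars; n++)
        if (s[n] == 0) return (n + 1) * sizeof(CHAR16);
    return 0;
}

/* Constructed sample: a 4-character name field with no terminator, followed
   directly by unrelated data. One flat array keeps the demo well defined. */
#define NAME_FIELD_CHARS 4
static const CHAR16 sample[] = { 'B', 'o', 'o', 't',           /* name field */
                                 0x4141, 0x4242, 0x4343, 0 };  /* adjacent data */

/* Bytes an unbounded scan consumes beyond the name field. */
static size_t bytes_over_read(void) {
    return unbounded_str_size(sample) - NAME_FIELD_CHARS * sizeof(CHAR16);
}

/* What a validating handler would see: 0 means reject the request. */
static size_t validated_name_size(void) {
    return bounded_str_size(sample, NAME_FIELD_CHARS * sizeof(CHAR16));
}

int main(void) {
    printf("unbounded size: %zu bytes (%zu past the field)\n",
           unbounded_str_size(sample), bytes_over_read());
    printf("bounded size:   %zu (0 = reject)\n", validated_name_size());
    return 0;
}
```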
To address this vulnerability, users can upgrade to the fixed release for their InsydeH2O kernel branch: 05.29.50 for kernel 5.2, 05.38.50 for 5.3, 05.46.50 for 5.4, 05.54.50 for 5.5, 05.61.50 for 5.6, and 05.70.50 for 5.7.