Insyde InsydeH2O
cpe:2.3:a:insyde:insydeh20:*:*:*:*:*:*:*
- < 05.29.50
- < 05.38.50
- < 05.46.50
- < 05.54.50
- < 05.61.50
- < 05.70.50
A buffer over-read vulnerability has been identified in the InsydeH2O firmware, specifically in the VariableRuntimeDxe driver. This issue affects several kernel versions prior to their respective fixed releases. The vulnerability arises because the VariableServicesSetVariable function can be invoked by gRT_SetVariable or through SMM (System Management Mode) sensitive variable functions. Within VariableServicesSetVariable, unsafe string handling functions are used, which may lead to a buffer over-read condition.
Exploitation of this vulnerability can lead to a buffer over-read, where an attacker could potentially read sensitive data from memory that should not be accessible.
Users can upgrade to InsydeH2O kernel versions 5.2 (through 05.29.50), 5.3 (through 05.38.50), 5.4 (through 05.46.50), 5.5 (through 05.54.50), 5.6 (through 05.61.50), or 5.7 (through 05.70.50) to address this vulnerability.
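The over-read class described above, as an added C example that is not Insyde's code. The advisory does not say which string function or argument is involved; this sketch assumes the input is a NUL-terminated CHAR16 variable name and that the handler knows the size of the caller-supplied buffer. All function names and the sample arrays are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t CHAR16; /* UEFI-style 16-bit character */

/* Constructed sample inputs: one NUL-terminated name, one without a NUL. */
const CHAR16 SAMPLE_OK[]  = { 'B', 'o', 'o', 't', 0 };
const CHAR16 SAMPLE_BAD[] = { 'A', 'A', 'A', 'A' };

/* Unsafe pattern, for contrast: scans until a NUL with no idea where the
 * buffer ends, so an unterminated name is read past its last element. */
size_t name_len_unbounded(const CHAR16 *s)
{
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Bounded scan: 0 and *len set if a NUL lies within max_chars, else -1. */
int name_len_bounded(const CHAR16 *s, size_t max_chars, size_t *len)
{
    for (size_t i = 0; i < max_chars; i++) {
        if (s[i] == 0) { *len = i; return 0; }
    }
    return -1;
}

/* Hypothetical pre-check for a SetVariable-style handler: buf_bytes is the
 * size of the region the caller actually supplied (assumed to be known). */
int validate_variable_name(const void *buf, size_t buf_bytes, size_t *chars)
{
    if (buf == NULL || chars == NULL) return -1;
    if (name_len_bounded((const CHAR16 *)buf, buf_bytes / sizeof(CHAR16), chars) != 0)
        return -1;                 /* no terminator inside the buffer */
    return (*chars == 0) ? -1 : 0; /* reject the empty name as well */
}

int main(void)
{
    size_t n = 0;
    printf("terminated:   %d\n", validate_variable_name(SAMPLE_OK, sizeof SAMPLE_OK, &n));
    printf("unterminated: %d\n", validate_variable_name(SAMPLE_BAD, sizeof SAMPLE_BAD, &n));
    printf("unbounded on terminated input: %zu\n", name_len_unbounded(SAMPLE_OK));
    return 0;
}
```

The unbounded helper is only ever called on the terminated sample; the bounded check rejects the unterminated one before any string routine would touch it.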