Insyde InsydeH2O
cpe:2.3:a:insyde:insydeh20:*:*:*:*:*:*:*
- < 05.29.50
- < 05.38.50
- < 05.46.50
- < 05.54.50
- < 05.61.50
- < 05.70.50
A buffer over-read vulnerability has been identified in the InsydeH2O firmware, specifically in the VariableRuntimeDxe driver. This issue affects several kernel versions prior to their respective fixed releases. The vulnerability arises because the SmmUpdateVariablePropertySmi() function, a System Management Mode (SMM) callback, uses StrCmp() to compare variable names, which can lead to a buffer over-read.
Exploitation of this vulnerability causes a buffer over-read, which can potentially be leveraged to read sensitive information from memory or to cause a denial-of-service condition by crashing the system.
To address this vulnerability, upgrade to the fixed InsydeH2O release for the kernel branch in use: 05.29.50 (kernel 5.2), 05.38.50 (kernel 5.3), 05.46.50 (kernel 5.4), 05.54.50 (kernel 5.5), 05.61.50 (kernel 5.6), or 05.70.50 (kernel 5.7).
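The StrCmp() pattern described above, as an added illustration that is not Insyde's code and not part of the original advisory: a model of an unbounded string compare beside a bounded check that rejects a variable name with no NUL terminator inside its declared size. The helper names and sample data are hypothetical, and the example assumes the name arrives in a caller-supplied buffer with a known byte length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint16_t CHAR16;   /* UEFI strings are UCS-2, NUL-terminated */

/* Model of an unbounded StrCmp(): it walks both strings until a NUL.
 * If `a` comes from a caller-controlled buffer with no NUL inside it,
 * the loop keeps reading past the end of that buffer (the over-read). */
static int unbounded_cmp(const CHAR16 *a, const CHAR16 *b) {
    while (*a != 0 && *a == *b) { a++; b++; }
    return (int)*a - (int)*b;
}

/* Hardened compare (hypothetical helper): never reads past name_bytes.
 * Returns 1 on match, 0 on mismatch, -1 if the name is malformed
 * (odd or empty size, or no NUL terminator inside the declared size). */
static int bounded_name_equal(const CHAR16 *name, size_t name_bytes,
                              const CHAR16 *expected) {
    if (name == NULL || name_bytes < sizeof(CHAR16) ||
        name_bytes % sizeof(CHAR16) != 0)
        return -1;
    size_t max_chars = name_bytes / sizeof(CHAR16);
    size_t len = 0;
    while (len < max_chars && name[len] != 0) len++;
    if (len == max_chars)
        return -1;                       /* unterminated: reject request */
    /* Terminator proven in bounds, so the unbounded walk is now safe. */
    return unbounded_cmp(name, expected) == 0;
}

/* Constructed sample inputs (not taken from any firmware image). */
static const CHAR16 kExpected[] = { 'B', 'o', 'o', 't', 0 };
static const CHAR16 kGood[]     = { 'B', 'o', 'o', 't', 0 };
static const CHAR16 kOther[]    = { 'B', 'o', 'o', 'x', 0 };
static const CHAR16 kNoNul[]    = { 'B', 'o', 'o', 't' };  /* no terminator */

int main(void) {
    printf("good=%d other=%d unterminated=%d\n",
           bounded_name_equal(kGood, sizeof kGood, kExpected),
           bounded_name_equal(kOther, sizeof kOther, kExpected),
           bounded_name_equal(kNoNul, sizeof kNoNul, kExpected));
    return 0;
}
```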