Insyde InsydeH2O
cpe:2.3:a:insyde:insydeh20:*:*:*:*:*:*:*
- >= 5.2, < 05.29.50
- >= 5.3, < 05.38.50
- >= 5.4, < 05.46.50
- >= 5.5, < 05.54.50
- >= 5.6, < 05.61.50
- >= 5.7, < 05.70.50
A buffer over-read vulnerability has been identified in the VariableRuntimeDxe driver of InsydeH2O firmware, affecting kernel 5.2 prior to 05.29.50, kernel 5.3 prior to 05.38.50, kernel 5.4 prior to 05.46.50, kernel 5.5 prior to 05.54.50, kernel 5.6 prior to 05.61.50, and kernel 5.7 prior to 05.70.50. The issue arises because the SecureBootHandler function trusts the caller-supplied DataSize and VariableNameSize parameters when determining whether data or a variable name is present in the buffer, instead of bounding them by the buffer that actually holds the request.
Exploitation of this vulnerability can lead to a buffer over-read, which may allow an attacker to read sensitive data from memory or cause a denial-of-service condition by disrupting normal application or system processes.
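As an added illustration (not Insyde's code; the request layout and all names are hypothetical), the pattern the description points at: a handler that decides whether a name or data is present from the caller-supplied sizes alone, beside a version that first bounds those sizes by the real length of the buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical request header (not Insyde's layout): two caller-supplied
 * sizes, followed in the same buffer by the name bytes and then the data. */
typedef struct {
    uint32_t VariableNameSize;   /* caller-controlled */
    uint32_t DataSize;           /* caller-controlled */
} VarRequest;                    /* payload = [name][data] follows header */
/* Decides "is a name/data present?" by reading at offsets derived purely
 * from the caller's sizes; safe only if those sizes were validated first. */
static bool probe_name_and_data(const VarRequest *req) {
    const uint8_t *name = (const uint8_t *)(req + 1);
    const uint8_t *data = name + req->VariableNameSize;
    return req->VariableNameSize > 0 && name[0] != 0 &&
           req->DataSize > 0 && data[req->DataSize - 1] != 0;
}
/* Vulnerable pattern: trusts the sizes and never consults the real buffer
 * length, so the reads in probe_name_and_data can run past the buffer. */
bool handler_vulnerable(const VarRequest *req) { return probe_name_and_data(req); }
/* Hardened pattern: bound each size by the bytes that actually follow the
 * header. Checking them one at a time avoids the integer wrap that a naive
 * `VariableNameSize + DataSize <= avail` comparison would allow. */
bool request_sizes_valid(const VarRequest *req, size_t bufLen) {
    if (bufLen < sizeof(VarRequest)) return false;
    size_t avail = bufLen - sizeof(VarRequest);
    if (req->VariableNameSize > avail) return false;
    if (req->DataSize > avail - req->VariableNameSize) return false;
    return true;
}
bool handler_hardened(const VarRequest *req, size_t bufLen) {
    return request_sizes_valid(req, bufLen) && probe_name_and_data(req);
}
/* Constructed 16-byte sample: header, 4-byte name "A\0B\0", 4 data bytes. */
typedef union { VarRequest hdr; uint8_t raw[16]; } SampleBuf;
static void fill_sample(SampleBuf *s, uint32_t nameSize, uint32_t dataSize) {
    memset(s, 0, sizeof *s);
    s->hdr.VariableNameSize = nameSize;
    s->hdr.DataSize = dataSize;
    memcpy(s->raw + sizeof(VarRequest), "A\0B\0\x01\x02\x03\x04", 8);
}
bool demo_valid_request(void) {           /* both handlers agree: true */
    SampleBuf s; fill_sample(&s, 4, 4);
    return handler_hardened(&s.hdr, sizeof s.raw) && handler_vulnerable(&s.hdr);
}
bool demo_oversized_datasize_rejected(void) {  /* hardened refuses: true */
    SampleBuf s; fill_sample(&s, 4, 0xFFFFFFF0u);
    return !handler_hardened(&s.hdr, sizeof s.raw);
}
```

The oversized request is only ever passed to the hardened handler; handing it to the vulnerable one would be exactly the over-read the advisory describes.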
To address this vulnerability, users should upgrade InsydeH2O to a fixed release for their kernel branch: 05.29.50 or later for kernel 5.2, 05.38.50 or later for kernel 5.3, 05.46.50 or later for kernel 5.4, 05.54.50 or later for kernel 5.5, 05.61.50 or later for kernel 5.6, or 05.70.50 or later for kernel 5.7.