How severe is CVE-2024-52880?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.9 out of 10.

What type of vulnerability is CVE-2024-52880?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2024-52880 - HIGH Severity | CVSS 7.9

Vulnerability Description

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SecureBootHandler uses DataSize and VariableNameSize when determining if the data or name are in the buffer, but these are supplied by the caller and therefore cannot be trusted.

Related Vulnerabilities

CVE-2016-9379

HIGH

CVSS:7.9(High)

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes ...

CWE-202016

CVE-2022-42269

HIGH

CVSS:7.9(High)

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise...

CWE-202022

CVE-2023-30440

HIGH

CVSS:7.9(High)

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with...

CWE-202023

CVE-2023-45745

HIGH

CVSS:7.9(High)

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-202023

CVE-2024-21978

HIGH

CVSS:7.9(High)

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.

CWE-202024

CVE-2025-20032

HIGH

CVSS:7.9(High)

Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow a privileged user to potentially enable denial of service via local access.

CWE-202025