diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
new file mode 100644
index 0000000000..0f64ee093b
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceDxe.c
@@ -0,0 +1,31 @@
+/** @file
+  Serialize operation on all load-from-memory instructions (DXE version).
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include "Variable.h"
+
+/**
+  This service is consumed by the variable modules to perform a serializing
+  operation on all load-from-memory instructions that were issued prior to the
+  call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+  VOID
+  )
+{
+  //
+  // Do nothing.
+  //
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
new file mode 100644
index 0000000000..4b0d7e3e95
--- /dev/null
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/LoadFenceSmm.c
@@ -0,0 +1,30 @@
+/** @file
+  Serialize operation on all load-from-memory instructions (SMM version).
+
+Copyright (c) 2018, Intel Corporation. All rights reserved.<BR>
+This program and the accompanying materials
+are licensed and made available under the terms and conditions of the BSD License
+which accompanies this distribution.  The full text of the license may be found at
+http://opensource.org/licenses/bsd-license.php
+
+THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+**/
+
+#include <Library/BaseLib.h>
+#include "Variable.h"
+
+/**
+  This service is consumed by the variable modules to perform a serializing
+  operation on all load-from-memory instructions that were issued prior to the
+  call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+  VOID
+  )
+{
+  AsmLfence ();
+}
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
index b98b8556a2..a324ad2365 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/PrivilegePolymorphic.h
@@ -7,7 +7,7 @@
   vs. non-privileged driver code.
 
   Copyright (c) 2017, Red Hat, Inc.<BR>
-  Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>
 
   This program and the accompanying materials are licensed and made available
   under the terms and conditions of the BSD License which accompanies this
@@ -84,4 +84,15 @@ SetVariableCheckHandlerMor (
   IN VOID       *Data
   );
 
+/**
+  This service is consumed by the variable modules to perform a serializing
+  operation on all load-from-memory instructions that were issued prior to the
+  call of this function.
+
+**/
+VOID
+MemoryLoadFence (
+  VOID
+  );
+
 #endif
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
index dc8622db81..a2d61c8cd6 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/Variable.c
@@ -3198,6 +3198,12 @@ VariableServiceSetVariable (
       ((EFI_VARIABLE_AUTHENTICATION_2 *) Data)->AuthInfo.Hdr.dwLength < OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
       return EFI_SECURITY_VIOLATION;
     }
+    //
+    // The MemoryLoadFence() call here is to ensure the above sanity check
+    // for the EFI_VARIABLE_AUTHENTICATION_2 descriptor has been completed
+    // before the execution of subsequent codes.
+    //
+    MemoryLoadFence ();
     PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
   } else {
     PayloadSize = DataSize;
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
index 2d0a172ece..868981ccaf 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf
@@ -46,6 +46,7 @@
   TcgMorLockDxe.c
   VarCheck.c
   VariableExLib.c
+  LoadFenceDxe.c
 
 [Packages]
   MdePkg/MdePkg.dec
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
index e495d971a0..6dc19c24db 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c
@@ -537,6 +537,12 @@ SmmVariableHandler (
         goto EXIT;
       }
 
+      //
+      // The MemoryLoadFence() call here is to ensure the previous range/content
+      // checks for the CommBuffer have been completed before the subsequent
+      // consumption of the CommBuffer content.
+      //
+      MemoryLoadFence ();
       if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
@@ -631,6 +637,12 @@ SmmVariableHandler (
         goto EXIT;
       }
 
+      //
+      // The MemoryLoadFence() call here is to ensure the previous range/content
+      // checks for the CommBuffer have been completed before the subsequent
+      // consumption of the CommBuffer content.
+      //
+      MemoryLoadFence ();
       if (SmmVariableHeader->NameSize < sizeof (CHAR16) || SmmVariableHeader->Name[SmmVariableHeader->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
@@ -766,6 +778,12 @@ SmmVariableHandler (
         goto EXIT;
       }
 
+      //
+      // The MemoryLoadFence() call here is to ensure the previous range/content
+      // checks for the CommBuffer have been completed before the subsequent
+      // consumption of the CommBuffer content.
+      //
+      MemoryLoadFence ();
       if (CommVariableProperty->NameSize < sizeof (CHAR16) || CommVariableProperty->Name[CommVariableProperty->NameSize/sizeof (CHAR16) - 1] != L'\0') {
         //
         // Make sure VariableName is A Null-terminated string.
diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
index dbb0674a46..2fe72ff8a4 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf
@@ -54,6 +54,7 @@
   PrivilegePolymorphic.h
   VariableExLib.c
   TcgMorLockSmm.c
+  LoadFenceSmm.c
 
 [Packages]
   MdePkg/MdePkg.dec