CVE-2024-1298 — Divide By Zero in Edk2

CWE-369 — Divide By Zero CWE-476 — NULL Pointer Dereference13 documents8 sources

Severity

6.0MEDIUMNVD

OSV7.4

EPSS

0.0%

top 90.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tianocore Edk2

Timeline

PublishedMay 30

Latest updateNov 28

Description

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.5 | Impact: 4.0

Affected Packages3 packages

▶CVEListV5tianocore/edk2< edk2-stable202405

▶Debiantianocore/edk2< 2020.11-2+deb11u3+3

▶Ubuntutianocore/edk2< 2022.02-3ubuntu0.22.04.4+1

🔴Vulnerability Details

OSV

edk2 regression↗2025-11-28

▶

OSV

edk2 vulnerabilities↗2025-11-26

▶

OSV

CVE-2024-43903: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane↗2024-08-26

▶

GHSA

GHSA-xvcj-qw55-xx42: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access↗2024-05-30

▶

CVEList

Integer Overflow caused by divide by zero during S3 suspension↗2024-05-30

▶

📋Vendor Advisories

Ubuntu

EDK II vulnerabilities↗2025-11-26

▶

Red Hat

kernel: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)↗2024-10-21

▶

Red Hat

edk2: Temporary DoS vulnerability↗2024-05-31

▶

Microsoft

Integer Overflow caused by divide by zero during S3 suspension↗2024-05-14

▶

Debian

CVE-2024-1298: edk2 - EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may c...↗2024

▶