CVE-2024-38796: Heap-based Buffer Overflow in Edk2

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.1% (top 79.27%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 27
Latest update: Nov 26

Description

EDK2 contains a vulnerability in PeCoffLoaderRelocateImage(). An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Exploitability: 1.2 | Impact: 4.7

Affected Packages (2 packages)

Debian | tianocore/edk2 | < 2020.11-2+deb11u3+3
CVEListV5 | tianocore/edk2 | edk2-stable202405

🔴 Vulnerability Details (2)

CVEList: Integer overflow in PeCoffLoaderRelocateImage (2024-09-27)
OSV: CVE-2024-38796: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage() (2024-09-27)

📋 Vendor Advisories (4)

Ubuntu: EDK II vulnerabilities (2025-11-26)
Red Hat: edk2: Integer overflows in PeCoffLoaderRelocateImage (2024-09-27)
Microsoft: Integer overflow in PeCoffLoaderRelocateImage (2024-09-10)
Debian: CVE-2024-38796: edk2 - EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker ma... (2024)
CVE-2024-38796 — Heap-based Buffer Overflow in Edk2 | cvebase