CVE-2024-38797Out-of-bounds Read in Edk2

CWE-125Out-of-bounds Read6 documents6 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 72.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedApr 7
Latest updateNov 26

Description

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.1 | Impact: 2.5

Affected Packages2 packages

Debiantianocore/edk2< 2025.02-8+1
CVEListV5tianocore/edk2edk2-stable202408

🔴Vulnerability Details

2
OSV
CVE-2024-38797: EDK2 contains a vulnerability in the HashPeImageByType()2025-04-07
CVEList
Out-of-bounds Read in HashPeImageByType()2025-04-07

📋Vendor Advisories

3
Ubuntu
EDK II vulnerabilities2025-11-26
Red Hat
edk2: Out-of-bounds Read in EDK22025-04-07
Debian
CVE-2024-38797: edk2 - EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a rea...2024
CVE-2024-38797 — Out-of-bounds Read in Tianocore Edk2 | cvebase