CVE-2024-38797
published 2025-04-07CVE-2024-38797: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an…
medium4.6CVSS 3.1
AVAACLPRLUINSUCNILAL
EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2025.02-8 (forky) | edk2 2025.02-8 (forky) |
| tianocore | edk2 | <= edk2-stable202408 | — |
| tianocore | edk2 | >= 0 < 2025.02-8 | 2025.02-8 |
| tianocore | edk2 | >= 0 < 2025.02-8 | 2025.02-8 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.5 | 2022.02-3ubuntu0.22.04.5 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.4 | 2022.02-3ubuntu0.22.04.4 |
| tianocore | edk2 | >= 0 < 2024.02-2ubuntu0.7 | 2024.02-2ubuntu0.7 |
| tianocore | edk2 | >= 0 < 2024.02-2ubuntu0.6 | 2024.02-2ubuntu0.6 |
CVSS provenance
nvdv3.14.6MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
osv7.4HIGH