CVE-2024-38798Sensitive Information Exposure in Edk2

CWE-200Sensitive Information Exposure7 documents7 sources
Severity
5.8MEDIUMNVD
EPSS
0.0%
top 90.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Tianocore Edk2
Timeline
PublishedDec 9

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages1 packages

CVEListV5tianocore/edk2< edk2-stable202511

🔴Vulnerability Details

3
OSV
CVE-2024-38798: EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access2025-12-09
CVEList
Uncleared password keystrokes in circular queue can lead to information disclosure or escalation of privilege2025-12-09
GHSA
GHSA-r48c-47wj-rhc5: EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access2025-12-09

📋Vendor Advisories

2
Red Hat
EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access2025-12-09
Debian
CVE-2024-38798: edk2 - EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of S...2024

🕵️Threat Intelligence

1
Wiz
CVE-2024-38798 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2024-38798 — Sensitive Information Exposure in Edk2 | cvebase