CVE-2024-38805
published 2025-08-12CVE-2024-38805: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this…
medium6.3CVSS 3.1
AVAACLPRLUINSUCNILAH
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | edk2 | < edk2 2025.02-9 (forky) | edk2 2025.02-9 (forky) |
| tianocore | edk2 | <= edk2-stable202502 | — |
| tianocore | edk2 | >= 0 < 2025.02-8+deb13u1 | 2025.02-8+deb13u1 |
| tianocore | edk2 | >= 0 < 2025.02-9 | 2025.02-9 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.5 | 2022.02-3ubuntu0.22.04.5 |
| tianocore | edk2 | >= 0 < 2022.02-3ubuntu0.22.04.4 | 2022.02-3ubuntu0.22.04.4 |
| tianocore | edk2 | >= 0 < 2024.02-2ubuntu0.7 | 2024.02-2ubuntu0.7 |
| tianocore | edk2 | >= 0 < 2024.02-2ubuntu0.6 | 2024.02-2ubuntu0.6 |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
osv7.4HIGH