CVE-2024-38796
Published: October 1, 2024Last modified: June 5, 2025
Description
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.9 |
| Attack Vector | ADJACENT_NETWORK |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity impact | HIGH |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | edk2 | Unknown (0.0.202208-r0) |
| Stream | edk2 | Unknown (0.0.202302-r0) |