EDK2 Vulnerability: Division-By-Zero via Local Access
CVE-2024-1298

6MEDIUM

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 30 May 2024

What is CVE-2024-1298?

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

Affected Version(s)

edk2 0

References

https://github.com/tianocore/edk2/security/advisories/GHS...

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2024
Vulnerability Reserved
Feb 6, 2024

Credit

Binarly

Tianocore

What is CVE-2024-1298?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit