Memory Corruption Vulnerability in EDK2's PeCoffLoaderRelocateImage Could Lead to Loss of Confidentiality, Integrity, and Availability
CVE-2024-38796

5.9MEDIUM

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 27 September 2024

What is CVE-2024-38796?

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Affected Version(s)

EDK2 0

References

https://github.com/tianocore/edk2/security/advisories/GHS...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2024

Tianocore

What is CVE-2024-38796?

Affected Version(s)

References

CVSS V3.1

Timeline