Sensitive Information Exposure in BIOS by EDK2 Software from TianoCore
CVE-2024-38798

5.8MEDIUM

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 9 December 2025

What is CVE-2024-38798?

The EDK2 software, developed by TianoCore, contains a vulnerability that allows unauthorized local access to sensitive information stored within the BIOS. This flaw could enable an attacker to disclose confidential data or potentially escalate their privileges, which could significantly compromise system integrity and confidentiality. Proper patches and updates are essential to safeguard against such risks.

Affected Version(s)

EDK2 0

References

https://github.com/tianocore/edk2/security/advisories/GHS...

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Jun 19, 2024

JSON

Tianocore

What is CVE-2024-38798?

Affected Version(s)

References

CVSS V4

Timeline