Sensitive Information Exposure in BIOS by EDK2 Software from TianoCore
CVE-2024-38798

5.8MEDIUM

Key Information:

Vendor: Tianocore
Status: Edk2
Vendor: CVE Published:; 9 December 2025

What is CVE-2024-38798?

The EDK2 software, developed by TianoCore, contains a vulnerability that allows unauthorized local access to sensitive information stored within the BIOS. This flaw could enable an attacker to disclose confidential data or potentially escalate their privileges, which could significantly compromise system integrity and confidentiality. Proper patches and updates are essential to safeguard against such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

EDK2 0

References

https://github.com/tianocore/edk2/security/advisories/GHS...

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Jun 19, 2024

JSON

Tianocore