CVE-2024-38796

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 4.7

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm
https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html
https://security.netapp.com/advisory/ntap-20241206-0006/

Configurations

No configuration.

History

03 Nov 2025, 20:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html -

06 Dec 2024, 14:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20241206-0006/ -

Information

Published : 2024-09-27 22:15

Updated : 2025-11-03 20:16

NVD link : CVE-2024-38796

Mitre link : CVE-2024-38796

CVE.ORG link : CVE-2024-38796

JSON object : View

Products Affected

No product.

CWE

CWE-122

Heap-based Buffer Overflow

5.9 /10