CVE-2024-38798

CVE-2024-38798

Name

CVE-2024-38798

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
infosec@edk2.groups.io	https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

Type

URI

infosec@edk2.groups.io

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

CPE URI	Source package	Min version	Max version
	edk2	== 0	== None

CPE URI

Source package

Min version

Max version

edk2

== 0

== None

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
edk2	edge-community	0.0.202508-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202508-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	edge-community	0.0.202308-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	3.23-community	0.0.202508-r4	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
edk2	3.22-community	0.0.202308-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

edk2

edge-community

0.0.202508-r4

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

edk2

edge-community