CVE-2024-38798 | THREATINT

Description

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

PUBLISHED Reserved 2024-06-19 | Published 2025-12-09 | Updated 2025-12-09 | Assigner TianoCore

MEDIUM: 5.8CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status

unaffected

Any version before edk2-stable202511

affected

References

github.com/...e/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

cve.org (CVE-2024-38798)

nvd.nist.gov (CVE-2024-38798)

Download JSON