PT-2024-28227 · Edk2+9 · Edk2+9

Jkmathews

Published

2024-09-27

Updated

2026-03-03

CVE-2024-38796

CVSS v3.1

5.9

Medium

Vector

AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions EDK2 (affected versions not specified)

Description The issue is related to a vulnerability in the PeCoffLoaderRelocateImage() function, which can cause memory corruption due to an overflow. This can be triggered via an adjacent network, potentially leading to a loss of Confidentiality, Integrity, and/or Availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALSA-2024:11185

ALSA-2024:11219

AZL-49710

AZL-49713

AZL-49716

BDU:2025-11856

CESA-2024_11185

CVE-2024-38796

DLA-4207-1

GHSA-XPCR-7HJQ-M6QM

INFSA-2024_11185

INFSA-2024_11219

OESA-2024-2265

RHSA-2024:10268

RHSA-2024:10272

RHSA-2024:11185

RHSA-2024:11194

RHSA-2024:11219

RHSA-2024:9921

RHSA-2024:9930

RHSA-2024:9946

RHSA-2024:9956

RHSA-2024_11185

RHSA-2024_11219

RLSA-2024:11219

USN-7894-1

USN-7894-2

Affected Products

Almalinux

Astra Linux

Centos

Debian

Edk2

Linuxmint

Red Hat

Red Os

Rocky Linux

Ubuntu

PT-2024-28227 · Edk2+9 · Edk2+9

CVE-2024-38796

Weakness Enumeration

Related Identifiers

Affected Products

References · 84