Base Score

MEDIUM5.9

CVE-2024-38796

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

VectorADJACENT_NETWORK

Published Byinfosec@edk2.groups.io

Published DateSep 27, 2024, 22:15

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

LOW

References

Base Score

MEDIUM5.9

Weakness Type (CWE):CWE-122

CVSS Metrics

Base Score

5.9

Vector String

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

ADJACENT_NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

HIGH

Availability (A)

LOW