CVE-2024-38798

medium

Description

EDK2 contains a vulnerability in BIOS where an attacker with local access may cause “Exposure of Sensitive Information to an Unauthorized Actor”. Successful exploitation of this vulnerability may lead to information disclosure or escalation of privilege, and impacts confidentiality.

References

https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.8

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.8

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L

Severity: Medium

EPSS

EPSS: 0.00014