CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

CVSS

No CVSS.

References

Link	Resource
https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf

Configurations

No configuration.

History

09 Dec 2025, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-09 16:17

Updated : 2025-12-09 18:37

NVD link : CVE-2024-38798

Mitre link : CVE-2024-38798

CVE.ORG link : CVE-2024-38798

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-38798", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "infosec@edk2.groups.io", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-09T16:17:27.787", "references": [{"url": "https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf", "source": "infosec@edk2.groups.io"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "infosec@edk2.groups.io", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "EDK2 contains a vulnerability in BIOS where an attacker may cause \u201cExposure of Sensitive Information to an Unauthorized Actor\u201d by local access. Successful exploitation of this vulnerability will lead to \n\npossible information disclosure or escalation of privilege\n\n and impact Confidentiality."}], "lastModified": "2025-12-09T18:37:13.640", "sourceIdentifier": "infosec@edk2.groups.io"}

CVE-2024-38798

JSON object

Attach tags to CVE-2024-38798

Attach tags to `CVE-2024-38798`