INFSA-2024:11219: edk2:20240524 security update
Information about definition
Identificator: INFSA-2024:11219
Type: security
Release date: 2025-06-26 16:58:13 UTC
Information about package
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Vulnerabilities description
- CVE-2024-38796
A flaw was found in the EDK2 package. This flaw allows an attacker to cause memory corruption due to an overflow via an adjacent network. This issue may lead to loss of confidentiality, integrity, and availability.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-38796
|
no information | 5.9 | no information |
Updated packages