Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2024-1298 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2024-1298

CVE-2024-1298

MEDIUM6.0

Integer Overflow caused by divide by zero during S3 suspension

Published May 30, 2024

Modified 4 months ago

Details

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

References

WEB

https://github.com/tianocore/edk2/security/advisories/GHSA-chfw-xj8f-6m53

WEB

https://lists.debian.org/debian-lts-announce/2025/06/msg00007.html

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F7NUL7NSZQ76A5OKDUCODQNY7WSX4SST/

WEB

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIMEZWDKEIQKU7NMHKL57DOCITPGEXYN/

WEB

https://security.netapp.com/advisory/ntap-20250306-0002/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2024-1298

CVSS Analysis

CVSS v3.1

6.0

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

6/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Weakness Type (CWE)

Other

CWE-369

Ecosystems

Timeline

PublishedMay 30, 2024

ModifiedNov 3, 2025