UBUNTU-CVE-2024-38796 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2024-38796

MEDIUM5.9

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lea

Published Sep 27, 2024

Modified 5 months ago

Fix available

Details

Affected Packages

edk2

Ubuntu 20.04 LTS

Affected versions:

0~20190606.20d2e5a1-2ubuntu10~20190828.37eef910-30~20190828.37eef910-40~20191122.bd85bf54-10~20191122.bd85bf54-1ubuntu10~20191122.bd85bf54-20~20191122.bd85bf54-2ubuntu10~20191122.bd85bf54-2ubuntu20~20191122.bd85bf54-2ubuntu30~20191122.bd85bf54-2ubuntu3.1+5 more

edk2

Ubuntu 22.04 LTS

Fixed in:

2022.02-3ubuntu0.22.04.4

edk2

Ubuntu 24.04 LTS

Fixed in:

2024.02-2ubuntu0.6

edk2

Ubuntu Pro 16.04 LTS

Affected versions:

0~20150106.5c2d456b-20~20160104.c2a892d7-10~20160408.ffea0a2c-20~20160408.ffea0a2c-2ubuntu0.10~20160408.ffea0a2c-2ubuntu0.20~20160408.ffea0a2c-2ubuntu0.2+esm10~20160408.ffea0a2c-2ubuntu0.2+esm3

edk2

Ubuntu Pro 18.04 LTS

Affected versions:

0~20170911.5dfba97c-10~20171010.234dbcef-10~20171027.76fd5a66-10~20171205.a9212288-10~20180105.0bc94c74-10~20180205.c0d9813c-10~20180205.c0d9813c-20~20180205.c0d9813c-2ubuntu0.10~20180205.c0d9813c-2ubuntu0.20~20180205.c0d9813c-2ubuntu0.3+2 more

References

REPORT

https://github.com/tianocore/edk2/security/advisories/GHSA-xpcr-7hjq-m6qm

REPORT

https://ubuntu.com/security/CVE-2024-38796

ADVISORY

https://ubuntu.com/security/notices/USN-7894-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2024-38796

CVSS Analysis

CVSS v3.1

Exploitability