UBUNTU-CVE-2024-38797 | Mondoo Vulnerability Intelligence

UBUNTU-CVE-2024-38797

MEDIUM5.5

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this

Published Apr 7, 2025

Modified 3 months ago

Fix available

Details

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

Affected Packages

edk2

Ubuntu 20.04 LTS

Affected versions:

0~20190606.20d2e5a1-2ubuntu10~20190828.37eef910-30~20190828.37eef910-40~20191122.bd85bf54-10~20191122.bd85bf54-1ubuntu10~20191122.bd85bf54-20~20191122.bd85bf54-2ubuntu10~20191122.bd85bf54-2ubuntu20~20191122.bd85bf54-2ubuntu30~20191122.bd85bf54-2ubuntu3.1+5 more

edk2

Ubuntu 22.04 LTS

Fixed in:

2022.02-3ubuntu0.22.04.4

edk2

Ubuntu 24.04 LTS

Fixed in:

2024.02-2ubuntu0.6

edk2

Ubuntu Pro 16.04 LTS

Affected versions:

0~20150106.5c2d456b-20~20160104.c2a892d7-10~20160408.ffea0a2c-20~20160408.ffea0a2c-2ubuntu0.10~20160408.ffea0a2c-2ubuntu0.20~20160408.ffea0a2c-2ubuntu0.2+esm10~20160408.ffea0a2c-2ubuntu0.2+esm3

edk2

Ubuntu Pro 18.04 LTS

Affected versions:

0~20170911.5dfba97c-10~20171010.234dbcef-10~20171027.76fd5a66-10~20171205.a9212288-10~20180105.0bc94c74-10~20180205.c0d9813c-10~20180205.c0d9813c-20~20180205.c0d9813c-2ubuntu0.10~20180205.c0d9813c-2ubuntu0.20~20180205.c0d9813c-2ubuntu0.3+2 more

References

REPORT

https://github.com/tianocore/edk2/security/advisories/GHSA-4wjw-6xmf-44xf

REPORT

https://ubuntu.com/security/CVE-2024-38797

ADVISORY

https://ubuntu.com/security/notices/USN-7894-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2024-38797

CVSS Analysis

CVSS v3.1

Exploitability