Fluid Attacks Database

Description

A flaw was found in EDK2. This vulnerability allows information disclosure or escalation of privilege via local access to the BIOS (Basic Input/Output System).

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
debian 12	edk2	=2022.11-6 \|\| =2022.11-6+deb12u1 \|\| =2022.11-6+deb12u2 \|\| =2023.02-1 \|\| =2023.02-2 \|\| =2023.05-1 \|\| =2023.05-2 \|\| =2023.08-1 \|\| =2023.11-1 \|\| =2023.11-2 \|\| =2023.11-3 \|\| =2023.11-4 \|\| =2023.11-5 \|\| =2023.11-6 \|\| =2023.11-7 \|\| =2023.11-8 \|\| =2024.02-1 \|\| =2024.02-2 \|\| =2024.05-1 \|\| =2024.05-2 \|\| =2024.08-1 \|\| =2024.08-2 \|\| =2024.08-3 \|\| =2024.08-4 \|\| =2024.11-1 \|\| =2024.11-2 \|\| =2024.11-3 \|\| =2024.11-4 \|\| =2024.11-5 \|\| =2025.02-1 \|\| =2025.02-10 \|\| =2025.02-2 \|\| =2025.02-3 \|\| =2025.02-4 \|\| =2025.02-5 \|\| =2025.02-6 \|\| =2025.02-7 \|\| =2025.02-8 \|\| =2025.02-9 \|\| =2025.05-1 \|\| =2025.05-2 \|\| =2025.08.01-1 \|\| =2025.08.01-2 \|\| =2025.08.01-3 \|\| =2025.08.01-4 \|\| =2025.08.01-5 \|\| =2025.08.01-6 \|\| =2025.11-1 \|\| =2025.11-2 \|\| =2025.11-3 \|\| =2025.11-4 \|\| =2025.11-5
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| =2020.11-2+deb11u2 \|\| =2020.11-2+deb11u3 \|\| =2020.11-3 \|\| =2020.11-4 \|\| =2020.11-5 \|\| =2021.02-1 \|\| =2021.05-1 \|\| =2021.08-1 \|\| =2021.08-2 \|\| =2021.08-3 \|\| =2021.08~rc0-1 \|\| =2021.08~rc0-2 \|\| =2021.11-1 \|\| =2021.11-2 \|\| =2021.11~rc1-1 \|\| =2022.02-1 \|\| =2022.02-2 \|\| =2022.02-3 \|\| =2022.02~rc1-1 \|\| =2022.05-1 \|\| =2022.05-2 \|\| =2022.05-3 \|\| =2022.05-4 \|\| =2022.05~rc1-1 \|\| =2022.08-1 \|\| =2022.11-1 \|\| =2022.11-2 \|\| =2022.11-3 \|\| =2022.11-4 \|\| =2022.11-5 \|\| =2022.11-6 \|\| =2023.02-1 \|\| =2023.02-2 \|\| =2023.05-1 \|\| =2023.05-2 \|\| =2023.08-1 \|\| =2023.11-1 \|\| =2023.11-2 \|\| =2023.11-3 \|\| =2023.11-4 \|\| =2023.11-5 \|\| =2023.11-6 \|\| =2023.11-7 \|\| =2023.11-8 \|\| =2024.02-1 \|\| =2024.02-2 \|\| =2024.05-1 \|\| =2024.05-2 \|\| =2024.08-1 \|\| =2024.08-2 \|\| =2024.08-3 \|\| =2024.08-4 \|\| =2024.11-1 \|\| =2024.11-2 \|\| =2024.11-3 \|\| =2024.11-4 \|\| =2024.11-5 \|\| =2025.02-1 \|\| =2025.02-10 \|\| =2025.02-2 \|\| =2025.02-3 \|\| =2025.02-4 \|\| =2025.02-5 \|\| =2025.02-6 \|\| =2025.02-7 \|\| =2025.02-8 \|\| =2025.02-9 \|\| =2025.05-1 \|\| =2025.05-2 \|\| =2025.08.01-1 \|\| =2025.08.01-2 \|\| =2025.08.01-3 \|\| =2025.08.01-4 \|\| =2025.08.01-5 \|\| =2025.08.01-6 \|\| =2025.11-1 \|\| =2025.11-2 \|\| =2025.11-3 \|\| =2025.11-4 \|\| =2025.11-5
debian 13	edk2	=2025.02-10 \|\| =2025.02-8 \|\| =2025.02-8+deb13u1 \|\| =2025.02-9 \|\| =2025.05-1 \|\| =2025.05-2 \|\| =2025.08.01-1 \|\| =2025.08.01-2 \|\| =2025.08.01-3 \|\| =2025.08.01-4 \|\| =2025.08.01-5 \|\| =2025.08.01-6 \|\| =2025.11-1 \|\| =2025.11-2 \|\| =2025.11-3 \|\| =2025.11-4 \|\| =2025.11-5
debian 14	edk2	=2025.02-10 \|\| =2025.02-8 \|\| =2025.02-9 \|\| =2025.05-1 \|\| =2025.05-2 \|\| =2025.08.01-1 \|\| =2025.08.01-2 \|\| =2025.08.01-3 \|\| =2025.08.01-4 \|\| =2025.08.01-5 \|\| =2025.08.01-6 \|\| =2025.11-1 \|\| =2025.11-2 \|\| =2025.11-3 \|\| =2025.11-4 \|\| =2025.11-5
rpm rhel8	edk2	-
rpm rhel10	edk2	-
rpm rhel9	edk2	-

Aliases

1. CVE-2024-387982. NVD-2024-387983. OSV-DEBIAN-2024-387984. OSV-2024-387985. SECURITY-TRACKER-CVE-2024-38798

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.