Fluid Attacks Database

Description

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	edk2	>=0 <2024.08-3	2024.08-3
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| =2020.11-2+deb11u2 \|\| >=0 <2020.11-2+deb11u3	2020.11-2+deb11u3
debian 12	edk2	=2022.11-6 \|\| =2022.11-6+deb12u1 \|\| >=0 <2022.11-6+deb12u2	2022.11-6+deb12u2
debian 14	edk2	>=0 <2024.08-3	2024.08-3
rpm rhel9.4	edk2	<0:20231122-6.el9_4.6	0:20231122-6.el9_4.6
rpm rhel8.8	edk2	<0:20220126gitbb1bba3d77-4.el8_8.7	0:20220126gitbb1bba3d77-4.el8_8.7
rpm rhel9	edk2	<0:20240524-6.el9_5.3	0:20240524-6.el9_5.3
rpm rhel8	edk2	<0:20220126gitbb1bba3d77-13.el8_10.4	0:20220126gitbb1bba3d77-13.el8_10.4
rpm rhel9.2	edk2	<0:20221207gitfff6d81270b5-9.el9_2.5	0:20221207gitfff6d81270b5-9.el9_2.5

Aliases

1. CVE-2024-387962. NVD-2024-387963. OSV-DEBIAN-2024-387964. OSV-2024-387965. SECURITY-TRACKER-CVE-2024-38796

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.