Fluid Attacks Database

Description

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| =2020.11-2+deb11u2 \|\| >=0 <2020.11-2+deb11u3	2020.11-2+deb11u3
debian 12	edk2	=2022.11-6 \|\| =2022.11-6+deb12u1 \|\| >=0 <2022.11-6+deb12u2	2022.11-6+deb12u2
debian 13	edk2	>=0 <2024.05-1	2024.05-1
debian 14	edk2	>=0 <2024.05-1	2024.05-1
rpm rhel8.8	edk2	<0:20220126gitbb1bba3d77-4.el8_8.4	0:20220126gitbb1bba3d77-4.el8_8.4
rpm rhel8	edk2	<0:20220126gitbb1bba3d77-13.el8_10.2	0:20220126gitbb1bba3d77-13.el8_10.2
rpm rhel9	edk2	<0:20240524-6.el9_5	0:20240524-6.el9_5

Aliases

1. CVE-2024-12982. NVD-2024-12983. OSV-DEBIAN-2024-12984. OSV-2024-12985. SECURITY-TRACKER-CVE-2024-1298

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.