Bug 2420643 (CVE-2024-38798) - CVE-2024-38798 EDK2: EDK2: Information Disclosure and Privilege Escalation via Local BIOS Access
Keywords:
Status: NEW
Alias: CVE-2024-38798
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2423090 2423091
Blocks:
Reported: 2025-12-09 16:03 UTC by OSIDB Bzimport
Modified: 2025-12-17 08:12 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-12-09 16:03:24 UTC
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

