Red Hat: CVE-2024-38796: edk2: Integer overflows in PeCoffLoaderRelocateImage (Multiple Advisories)

Red Hat: CVE-2024-38796: edk2: Integer overflows in PeCoffLoaderRelocateImage (Multiple Advisories)

Severity

6

CVSS

(AV:A/AC:H/Au:S/C:P/I:C/A:P)

Published

09/27/2024

Created

11/28/2024

Added

11/27/2024

Modified

02/10/2025

Description

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

Solution(s)

• redhat-upgrade-edk2-aarch64
• redhat-upgrade-edk2-debugsource
• redhat-upgrade-edk2-ovmf
• redhat-upgrade-edk2-tools
• redhat-upgrade-edk2-tools-debuginfo
• redhat-upgrade-edk2-tools-doc

References

• CVE-2024-38796
• RHSA-2024:10268
• RHSA-2024:11185
• RHSA-2024:11219
• RHSA-2024:9921
• RHSA-2024:9956