CVE-2024-38798

EUVD-2024-55310
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to 

possible information disclosure or escalation of privilege

 and impact Confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
Debian logo
Debian Releases
Debian Product
Codename
edk2
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
2025.11-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
edk2-aarch64
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-debuginfo
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-ovmf
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-tools
Amazon Linux 2
0:20240813-305.amzn2
fixed
edk2-tools-doc
Amazon Linux 2
0:20240813-305.amzn2
fixed