CVE-2024-38798

EUVD-2024-55310
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to 

possible information disclosure or escalation of privilege

 and impact Confidentiality.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
edk2
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
2025.11-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
edk2
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
needs-triage
questing
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/tianocore/edk2/security/advisories/GHSA-q2c6-37h5-7cwf