Insyde's Security Pledge

[EDK2] Integer overflows in PeCoffLoaderRelocateImage.

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

CVE-2024-38796 (BZ-1933)

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

kernel 5.2, Version 05.29.51
kernel 5.3, Version 05.38.51
kernel 5.4, Version 05.46.51
kernel 5.5, Version 05.54.51
kernel 5.6, Version 05.61.51
kernel 5.7, Version 05.70.51