Lucene search
TianoCoreCVE-2024-1298HistoryMay 30, 2024 - 9:15 p.m.
CVE-2024-1298
2024-05-3021:15:09
CWE-369
TianoCore
web.nvd.nist.gov
34
edk2
s3 sleep
vulnerability
cve-2024-1298
division-by-zero
unit32 overflow
local access
availability
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
15.5%
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "edk2",
"vendor": "TianoCore",
"versions": [
{
"lessThan": "edk2-stable202405",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]Related
fedora
fedora
[SECURITY] Fedora 39 Update: efifs-1.9-6.fc39
2024-06-11 01:59:14
[SECURITY] Fedora 40 Update: efifs-1.9-6.fc40
2024-06-11 01:51:24
openvas
openvas
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-2204)
2024-08-20 00:00:00
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-2177)
2024-08-20 00:00:00
Fedora: Security Advisory (FEDORA-2024-69933b0732)
2024-06-11 00:00:00
nessus
nessus
Amazon Linux 2 : edk2 (ALAS-2024-2578)
2024-06-24 00:00:00
RHEL 8 : edk2 (RHSA-2024:5623)
2024-08-20 00:00:00
EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-2177)
2024-08-21 00:00:00
osv
osv
CVE-2024-1298
2024-05-30 21:15:00
Moderate: edk2 security update
2024-08-13 00:00:00
amazon
amazon
Medium: edk2
2024-06-19 19:15:00
redhat
redhat
(RHSA-2024:4747) Moderate: edk2 security update
2024-07-23 14:47:22
(RHSA-2024:5623) Moderate: edk2 security update
2024-08-20 15:33:03
(RHSA-2024:5297) Moderate: edk2 security update
2024-08-13 14:51:59
ubuntucve
ubuntucve
CVE-2024-1298
2024-05-30 00:00:00
redhatcve
redhatcve
CVE-2024-1298
2024-06-02 14:30:22
vulnrichment
vulnrichment
CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension
2024-05-30 20:46:21
cbl_mariner
cbl_mariner
cvelist
cvelist
CVE-2024-1298 Integer Overflow caused by divide by zero during S3 suspension
2024-05-30 20:46:21
debiancve
debiancve
CVE-2024-1298
2024-05-30 21:15:09
nvd
nvd
CVE-2024-1298
2024-05-30 21:15:09
oraclelinux
oraclelinux
edk2 security update
2024-08-13 00:00:00
almalinux
almalinux
Moderate: edk2 security update
2024-08-13 00:00:00
CVSS3
6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
15.5%
Related for CVE-2024-1298