CVE-2024-38805 PUBLISHED

iSCSI Remote Memory Corruption and Denial of Service

Assigner: TianoCore
Reserved: 19.06.2024 Published: 12.08.2025 Updated: 12.08.2025

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVSS Score: 6.3

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	TianoCore
Product	EDK2
Versions	Default: unaffected affected from 0 to edk2-stable202502 (incl.)

References

https://github.com/tianocore/edk2/security/advisories/GHSA-p7wp-52j7-6r5x

Problem Types

CWE-190 Integer Overflow or Wraparound CWE