CVE-2024-38797

MEDIUM Year: 2024
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

Related Vulnerabilities

CVE-2018-14780

MEDIUM
CVSS:4.6(Medium)

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw =...

CWE-1252018

CVE-2018-19985

MEDIUM
CVSS:4.6(Medium)

The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-o...

CWE-1252018

CVE-2021-1897

MEDIUM
CVSS:4.6(Medium)

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna...

CWE-1252021

CVE-2021-1898

MEDIUM
CVSS:4.6(Medium)

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Weara...

CWE-1252021

CVE-2021-1899

MEDIUM
CVSS:4.6(Medium)

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-1252021

CVE-2021-1901

MEDIUM
CVSS:4.6(Medium)

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearable...

CWE-1252021