edk2 vulnerabilities

Known vulnerabilities in the edk2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CVE-2024-38805	*
M Out-of-bounds Read	<2023.11-6
H Uncontrolled Recursion	<2020.11-1
H Out-of-Bounds	<2023.11-5
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<2024.05-1
L Out-of-bounds Write	<0~20180803.dd4cae4d-1
L Integer Overflow or Wraparound	<0~20200229.4c0f6e34-1
L Improper Authentication	<0~20190828.37eef910-4
H Out-of-bounds Write	<0~20181115.85588389-3
L CVE-2023-48733	<2023.11-7
M Out-of-bounds Read	<2023.11-6
L CVE-2025-3770	*
L CVE-2024-1298	<2024.05-1
L CVE-2025-2295	<2025.02-4
H Out-of-Bounds	<2023.11-6
H Out-of-Bounds	<2023.11-6
M Integer Overflow or Wraparound	<2020.05-4
M Out-of-bounds Write	<0~20181115.85588389-3
H Out-of-Bounds	<2023.11-5
H Release of Invalid Pointer or Reference	<2021.11~rc1-1
H CVE-2021-38576	<2021.11-1
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2023.11-6
C Out-of-Bounds	<0~20181115.85588389-3
H NULL Pointer Dereference	<2020.11-1
M Out-of-bounds Write	<2020.11-1
L Out-of-Bounds	<0~20181115.85588389-1
H Out-of-Bounds	<2023.11-5
M CVE-2019-14558	<0~20200229.4c0f6e34-1
H Use After Free	<0~20200229.4c0f6e34-1
L CVE-2024-38796	<2024.08-3
H Out-of-Bounds	<2023.11-6
H Out-of-Bounds	<2021.08-1
H Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	<2024.05-1
L CVE-2024-38797	<2025.02-8
L CVE-2019-14575	<0~20200229.4c0f6e34-1
C Out-of-bounds Write	<2022.11-1
L Inadequate Encryption Strength	<0~20190606.20d2e5a1-2
M CVE-2019-14587	<0~20200229.4c0f6e34-1
L Resource Exhaustion	<0~20200229.4c0f6e34-1
L CVE-2018-12179	<0~20190606.20d2e5a1-2
M Out-of-bounds Write	<0~20181115.85588389-1
M Improper Input Validation	<2020.11-5
H Loop with Unreachable Exit Condition ('Infinite Loop')	<2023.11-6

Vulnerability

Vulnerable Version

CVE-2024-38805